Cross-Model Anecdotes – full_cve_ids_3.1_header · seed=42 · metric=ac
Models: xlnet, lrp-bert, lrp-distilbert

#1 · cve_id CVE-2021-25066 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Ninja Forms ▁Contact ▁Form WordPress plugin ▁before ▁3 . 6 . 10 ▁does ▁not sanitize ▁and e sc ▁a pe ▁some ▁imported ▁data ▁allowing ▁high ▁privilege ▁users ▁to ▁perform Cross-Site Scripting ▁attacks ▁even ▁when ▁the unfiltered ▁_ html ▁capability ▁is disallowed . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
SHAP (words)
The Ninja Forms Contact Form WordPress plugin before 3. 6. 10 does not sanitize and escape some imported data allowing high privilege users to perform Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Ninja Forms Contact Form WordPress plugin before 3 . 6 . 10 does not sanitize and e sc a ##pe some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LRP (+Pred, pos-only)
[CLS] The Ninja Forms Contact Form WordPress plugin before 3 . 6 . 10 does not sanitize and e sc a ##pe some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LIME (words)
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
SHAP (words)
The Ninja Forms Contact Form WordPress plugin before 3. 6. 10 does not sanitize and escape some imported data allowing high privilege users to perform Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Ninja Forms Contact Form WordPress plugin before 3 . 6 . 10 does not sanitize and e sc a ##pe some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LRP (+Pred, pos-only)
[CLS] The Ninja Forms Contact Form WordPress plugin before 3 . 6 . 10 does not sanitize and e sc a ##pe some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed . [SEP]
LIME (words)
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
SHAP (words)
The Ninja Forms Contact Form WordPress plugin before 3. 6. 10 does not sanitize and escape some imported data allowing high privilege users to perform Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed
#2 · cve_id CVE-2021-28075 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
i Ku ai OS ▁3 . 4 . 8 Build ▁20 2012 29 10 59 ▁has ▁an ▁arbitrary ▁file ▁download ▁vulnerability ▁which ▁can ▁be ▁exploited ▁by ▁attackers ▁to ▁obtain ▁sensitive ▁in for matio n . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability which can be exploited by attackers to obtain sensitive information.
SHAP (words)
iKuaiOS 3. 4. 8 Build 202012291059 has an arbitrary file download vulnerability which can be exploited by attackers to obtain sensitive information
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] i ##K ##ua ##i ##OS 3 . 4 . 8 Build 2020 ##12 ##29 ##10 ##5 ##9 has an arbitrary file download vulnerability which can be ex ##p ##lo ite d by attackers to obtain sensitive info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] i ##K ##ua ##i ##OS 3 . 4 . 8 Build 2020 ##12 ##29 ##10 ##5 ##9 has an arbitrary file download vulnerability which can be ex ##p ##lo ite d by attackers to obtain sensitive info ##r matio n . [SEP]
LIME (words)
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability which can be exploited by attackers to obtain sensitive information.
SHAP (words)
iKuaiOS 3. 4. 8 Build 202012291059 has an arbitrary file download vulnerability which can be exploited by attackers to obtain sensitive information
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] i ##K ##ua ##i ##OS 3 . 4 . 8 Build 2020 ##12 ##29 ##10 ##5 ##9 has an arbitrary file download vulnerability which can be ex ##p ##lo ite d by attackers to obtain sensitive info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] i ##K ##ua ##i ##OS 3 . 4 . 8 Build 2020 ##12 ##29 ##10 ##5 ##9 has an arbitrary file download vulnerability which can be ex ##p ##lo ite d by attackers to obtain sensitive info ##r matio n . [SEP]
LIME (words)
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability which can be exploited by attackers to obtain sensitive information.
SHAP (words)
iKuaiOS 3. 4. 8 Build 202012291059 has an arbitrary file download vulnerability which can be exploited by attackers to obtain sensitive information
#3 · cve_id CVE-2021-45003 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁La und ry Booking Manage ment ▁System ▁1 . 0 ( La test ) ▁and ▁previous ▁versions ▁are ▁affected ▁by ▁a ▁remote ▁code ▁execution ( RCE ) ▁vulnerability ▁in ▁profile . php ▁through ▁the " image " param eter ▁that ▁can ▁execute ▁a webshell ▁payload . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.
SHAP (words)
Laundry Booking Management System 1. 0 ( Latest) and previous versions are affected by a remote code execution ( RCE) vulnerability in profile. php through the " image" parameter that can execute a webshell payload
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Lau ##nd ##ry Booking Manage men ##t System 1 . 0 ( Late ##st ) and previous versions are affected by a remote code exec u ##tion ( RCE ) vulnerability in profile . php through the " image " param et ##er that can exec u ##te a webshell payload . [SEP]
LRP (+Pred, pos-only)
[CLS] Lau ##nd ##ry Booking Manage men ##t System 1 . 0 ( Late ##st ) and previous versions are affected by a remote code exec u ##tion ( RCE ) vulnerability in profile . php through the " image " param et ##er that can exec u ##te a webshell payload . [SEP]
LIME (words)
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.
SHAP (words)
Laundry Booking Management System 1. 0 ( Latest) and previous versions are affected by a remote code execution ( RCE) vulnerability in profile. php through the " image" parameter that can execute a webshell payload
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Lau ##nd ##ry Booking Manage men ##t System 1 . 0 ( Late ##st ) and previous versions are affected by a remote code exec u ##tion ( RCE ) vulnerability in profile . php through the " image " param et ##er that can exec u ##te a webshell payload . [SEP]
LRP (+Pred, pos-only)
[CLS] Lau ##nd ##ry Booking Manage men ##t System 1 . 0 ( Late ##st ) and previous versions are affected by a remote code exec u ##tion ( RCE ) vulnerability in profile . php through the " image " param et ##er that can exec u ##te a webshell payload . [SEP]
LIME (words)
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.
SHAP (words)
Laundry Booking Management System 1. 0 ( Latest) and previous versions are affected by a remote code execution ( RCE) vulnerability in profile. php through the " image" parameter that can execute a webshell payload
#4 · cve_id CVE-2021-36392 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In Moodle ▁an SQL inject ion ▁risk ▁was ▁identified ▁in ▁the ▁library fetching ▁a ▁user ' s ▁enrolled ▁courses . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In Moodle an SQL injection risk was identified in the library fetching a user's enrolled courses.
SHAP (words)
In Moodle an SQL injection risk was identified in the library fetching a user' s enrolled courses
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Moodle an SQL inject ion risk was identified in the library fetching a user ' s enrolled courses . [SEP]
LRP (+Pred, pos-only)
[CLS] In Moodle an SQL inject ion risk was identified in the library fetching a user ' s enrolled courses . [SEP]
LIME (words)
In Moodle an SQL injection risk was identified in the library fetching a user's enrolled courses.
SHAP (words)
In Moodle an SQL injection risk was identified in the library fetching a user' s enrolled courses
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Moodle an SQL inject ion risk was identified in the library fetching a user ' s enrolled courses . [SEP]
LRP (+Pred, pos-only)
[CLS] In Moodle an SQL inject ion risk was identified in the library fetching a user ' s enrolled courses . [SEP]
LIME (words)
In Moodle an SQL injection risk was identified in the library fetching a user's enrolled courses.
SHAP (words)
In Moodle an SQL injection risk was identified in the library fetching a user' s enrolled courses
#5 · cve_id CVE-2022-40428 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The d 8 s - mp eg ▁for python ▁as ▁distributed ▁on ▁Py PI ▁included ▁a ▁potential code-execution backdoor ▁inserted ▁by ▁a ▁third ▁party . ▁The backdoor ▁is ▁the ▁demo cri tus - network ing ▁package . ▁The ▁affected ▁version ▁is ▁0 . 1 . 0 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The d8s-mpeg for python as distributed on PyPI included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
SHAP (words)
The d8s- mpeg for python as distributed on PyPI included a potential code- execution backdoor inserted by a third party. The backdoor is the democritus- networking package. The affected version is 0. 1. 0
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The d ##8 ##s - m ##pe ##g for python as distributed on P ##y PI included a potential code-execution backdoor inserted by a third party . The backdoor is the demo ##c ##rit ##us - networking package . The affected version is 0 . 1 . 0 . [SEP]
LRP (+Pred, pos-only)
[CLS] The d ##8 ##s - m ##pe ##g for python as distributed on P ##y PI included a potential code-execution backdoor inserted by a third party . The backdoor is the demo ##c ##rit ##us - networking package . The affected version is 0 . 1 . 0 . [SEP]
LIME (words)
The d8s-mpeg for python as distributed on PyPI included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
SHAP (words)
The d8s- mpeg for python as distributed on PyPI included a potential code- execution backdoor inserted by a third party. The backdoor is the democritus- networking package. The affected version is 0. 1. 0
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The d ##8 ##s - m ##pe ##g for python as distributed on P ##y PI included a potential code-execution backdoor inserted by a third party . The backdoor is the demo ##c ##rit ##us - networking package . The affected version is 0 . 1 . 0 . [SEP]
LRP (+Pred, pos-only)
[CLS] The d ##8 ##s - m ##pe ##g for python as distributed on P ##y PI included a potential code-execution backdoor inserted by a third party . The backdoor is the demo ##c ##rit ##us - networking package . The affected version is 0 . 1 . 0 . [SEP]
LIME (words)
The d8s-mpeg for python as distributed on PyPI included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
SHAP (words)
The d8s- mpeg for python as distributed on PyPI included a potential code- execution backdoor inserted by a third party. The backdoor is the democritus- networking package. The affected version is 0. 1. 0
#6 · cve_id CVE-2021-30952 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁integer overflow ▁was ▁addressed ▁with ▁improved ▁input validation . ▁This ▁issue ▁is ▁fixed ▁in tvOS ▁15 . 2 macOS ▁Monterey ▁12 . 1 Safari ▁15 . 2 ▁iOS ▁15 . 2 ▁and iPadOS ▁15 . 2 watchOS ▁8 . 3 . Processing maliciously ▁crafted ▁web ▁content ▁may ▁lead ▁to ▁arbitrary ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2 macOS Monterey 12.1 Safari 15.2 iOS 15.2 and iPadOS 15.2 watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
SHAP (words)
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15. 2 macOS Monterey 12. 1 Safari 15. 2 iOS 15. 2 and iPadOS 15. 2 watchOS 8. 3. Processing maliciously crafted web content may lead to arbitrary code execution
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An int e ##ger overflow was addressed with improved input validation . This issue is fixed in tvOS 15 . 2 macOS Monterey 12 . 1 Safari 15 . 2 iOS 15 . 2 and iPadOS 15 . 2 watchOS 8 . 3 . Processing maliciously crafted web content may lead to arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] An int e ##ger overflow was addressed with improved input validation . This issue is fixed in tvOS 15 . 2 macOS Monterey 12 . 1 Safari 15 . 2 iOS 15 . 2 and iPadOS 15 . 2 watchOS 8 . 3 . Processing maliciously crafted web content may lead to arbitrary code exec u ##tion . [SEP]
LIME (words)
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2 macOS Monterey 12.1 Safari 15.2 iOS 15.2 and iPadOS 15.2 watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
SHAP (words)
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15. 2 macOS Monterey 12. 1 Safari 15. 2 iOS 15. 2 and iPadOS 15. 2 watchOS 8. 3. Processing maliciously crafted web content may lead to arbitrary code execution
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An int e ##ger overflow was addressed with improved input validation . This issue is fixed in tvOS 15 . 2 macOS Monterey 12 . 1 Safari 15 . 2 iOS 15 . 2 and iPadOS 15 . 2 watchOS 8 . 3 . Processing maliciously crafted web content may lead to arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] An int e ##ger overflow was addressed with improved input validation . This issue is fixed in tvOS 15 . 2 macOS Monterey 12 . 1 Safari 15 . 2 iOS 15 . 2 and iPadOS 15 . 2 watchOS 8 . 3 . Processing maliciously crafted web content may lead to arbitrary code exec u ##tion . [SEP]
LIME (words)
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2 macOS Monterey 12.1 Safari 15.2 iOS 15.2 and iPadOS 15.2 watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
SHAP (words)
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15. 2 macOS Monterey 12. 1 Safari 15. 2 iOS 15. 2 and iPadOS 15. 2 watchOS 8. 3. Processing maliciously crafted web content may lead to arbitrary code execution
#7 · cve_id CVE-2021-34483 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Windows ▁Print Spooler Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Windows Print Spooler Elevation of Privilege Vulnerability
SHAP (words)
Windows Print Spooler Elevation of Privilege Vulnerability
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Print Spooler Elevation of Privilege Vulnerability
SHAP (words)
Windows Print Spooler Elevation of Privilege Vulnerability
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Print Spooler Elevation of Privilege Vulnerability
SHAP (words)
Windows Print Spooler Elevation of Privilege Vulnerability
#8 · cve_id CVE-2020-0930 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A cross-site-scripting ( XSS ) ▁vulnerability ▁exists ▁when ▁Microsoft SharePoint ▁Server ▁does ▁not ▁properly sanitize ▁a spec i ally ▁crafted ▁web ▁request ▁to ▁an ▁affected SharePoint ▁server aka ' Mi cro soft ▁Office SharePoint XSS Vulnerability ' . ▁This CVE ▁ID ▁is ▁unique ▁from CVE - 20 20 - 09 23 CVE - 20 20 - 09 24 CVE - 20 20 - 09 25 CVE - 20 20 - 09 26 CVE - 20 20 - 09 27 CVE - 20 20 - 09 33 CVE - 20 20 - 09 54 CVE - 20 20 - 09 73 CVE - 20 20 - 09 78 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923 CVE-2020-0924 CVE-2020-0925 CVE-2020-0926 CVE-2020-0927 CVE-2020-0933 CVE-2020-0954 CVE-2020-0973 CVE-2020-0978.
SHAP (words)
A cross- site- scripting ( XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE- 2020- 0923 CVE- 2020- 0924 CVE- 2020- 0925 CVE- 2020- 0926 CVE- 2020- 0927 CVE- 2020- 0933 CVE- 2020- 0954 CVE- 2020- 0973 CVE- 2020- 0978
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A cross-site-scripting ( XSS ) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a spec i ##ally crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##23 CVE - 2020 - 09 ##24 CVE - 2020 - 09 ##25 CVE - 2020 - 09 ##26 CVE - 2020 - 09 ##27 CVE - 2020 - 09 ##33 CVE - 2020 - 09 ##5 ##4 CVE - 2020 - 09 ##7 ##3 CVE - 2020 - 09 ##7 ##8 . [SEP]
LRP (+Pred, pos-only)
[CLS] A cross-site-scripting ( XSS ) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a spec i ##ally crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##23 CVE - 2020 - 09 ##24 CVE - 2020 - 09 ##25 CVE - 2020 - 09 ##26 CVE - 2020 - 09 ##27 CVE - 2020 - 09 ##33 CVE - 2020 - 09 ##5 ##4 CVE - 2020 - 09 ##7 ##3 CVE - 2020 - 09 ##7 ##8 . [SEP]
LIME (words)
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923 CVE-2020-0924 CVE-2020-0925 CVE-2020-0926 CVE-2020-0927 CVE-2020-0933 CVE-2020-0954 CVE-2020-0973 CVE-2020-0978.
SHAP (words)
A cross- site- scripting ( XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE- 2020- 0923 CVE- 2020- 0924 CVE- 2020- 0925 CVE- 2020- 0926 CVE- 2020- 0927 CVE- 2020- 0933 CVE- 2020- 0954 CVE- 2020- 0973 CVE- 2020- 0978
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A cross-site-scripting ( XSS ) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a spec i ##ally crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##23 CVE - 2020 - 09 ##24 CVE - 2020 - 09 ##25 CVE - 2020 - 09 ##26 CVE - 2020 - 09 ##27 CVE - 2020 - 09 ##33 CVE - 2020 - 09 ##5 ##4 CVE - 2020 - 09 ##7 ##3 CVE - 2020 - 09 ##7 ##8 . [SEP]
LRP (+Pred, pos-only)
[CLS] A cross-site-scripting ( XSS ) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a spec i ##ally crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##23 CVE - 2020 - 09 ##24 CVE - 2020 - 09 ##25 CVE - 2020 - 09 ##26 CVE - 2020 - 09 ##27 CVE - 2020 - 09 ##33 CVE - 2020 - 09 ##5 ##4 CVE - 2020 - 09 ##7 ##3 CVE - 2020 - 09 ##7 ##8 . [SEP]
LIME (words)
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923 CVE-2020-0924 CVE-2020-0925 CVE-2020-0926 CVE-2020-0927 CVE-2020-0933 CVE-2020-0954 CVE-2020-0973 CVE-2020-0978.
SHAP (words)
A cross- site- scripting ( XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server aka ' Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE- 2020- 0923 CVE- 2020- 0924 CVE- 2020- 0925 CVE- 2020- 0926 CVE- 2020- 0927 CVE- 2020- 0933 CVE- 2020- 0954 CVE- 2020- 0973 CVE- 2020- 0978
#9 · cve_id CVE-2021-39860 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Acrobat ▁Pro ▁DC ▁versions ▁20 21 . 00 5 . 2006 0 ( and ▁earlier ) ▁2020 . 00 4 . 300 06 ( and ▁earlier ) ▁and ▁2017 . 0 11 . 30 19 9 ( and ▁earlier ) ▁are ▁affected ▁by ▁a Null pointer dereference ▁vulnerability . ▁An unauthenticated ▁attacker ▁could ▁leverage ▁this ▁vulnerability ▁to disclose ▁sensitive ▁user ▁memory . Exploitation ▁of ▁this ▁issue ▁requires ▁user ▁interaction ▁in ▁that ▁a ▁victim ▁must ▁open ▁a malicious ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Acrobat Pro DC versions 2021.005.20060 (and earlier) 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Acrobat Pro DC versions 2021. 005. 20060 ( and earlier) 2020. 004. 30006 ( and earlier) and 2017. 011. 30199 ( and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Acrobat Pro DC versions 202 ##1 . 00 ##5 . 2006 ##0 ( and earlier ) 2020 . 00 ##4 . 3000 ##6 ( and earlier ) and 2017 . 01 ##1 . 301 ##9 ##9 ( and earlier ) are affected by a Null pointer dereference vulnerability . An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LRP (+Pred, pos-only)
[CLS] Acrobat Pro DC versions 202 ##1 . 00 ##5 . 2006 ##0 ( and earlier ) 2020 . 00 ##4 . 3000 ##6 ( and earlier ) and 2017 . 01 ##1 . 301 ##9 ##9 ( and earlier ) are affected by a Null pointer dereference vulnerability . An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LIME (words)
Acrobat Pro DC versions 2021.005.20060 (and earlier) 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Acrobat Pro DC versions 2021. 005. 20060 ( and earlier) 2020. 004. 30006 ( and earlier) and 2017. 011. 30199 ( and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Acrobat Pro DC versions 202 ##1 . 00 ##5 . 2006 ##0 ( and earlier ) 2020 . 00 ##4 . 3000 ##6 ( and earlier ) and 2017 . 01 ##1 . 301 ##9 ##9 ( and earlier ) are affected by a Null pointer dereference vulnerability . An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LRP (+Pred, pos-only)
[CLS] Acrobat Pro DC versions 202 ##1 . 00 ##5 . 2006 ##0 ( and earlier ) 2020 . 00 ##4 . 3000 ##6 ( and earlier ) and 2017 . 01 ##1 . 301 ##9 ##9 ( and earlier ) are affected by a Null pointer dereference vulnerability . An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LIME (words)
Acrobat Pro DC versions 2021.005.20060 (and earlier) 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Acrobat Pro DC versions 2021. 005. 20060 ( and earlier) 2020. 004. 30006 ( and earlier) and 2017. 011. 30199 ( and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file
#10 · cve_id CVE-2022-43109 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
D-Link ▁D IR - 8 23 G ▁v 1 . 0 . 2 ▁was ▁found ▁to ▁contain ▁a ▁command inject ion ▁vulnerability ▁in ▁the ▁function ▁Set Network Tom ography Settings . ▁This ▁vulnerability ▁allows ▁attackers ▁to ▁execute ▁arbitrary ▁commands ▁via ▁a ▁crafted ▁packet . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
SHAP (words)
D- Link DIR- 823G v1. 0. 2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] D-Link D IR - 82 ##3 ##G v ##1 . 0 . 2 was found to contain a command inject ion vulnerability in the function Set ##Net ##work ##T ##omo ##graphy Settings . This vulnerability allows attackers to exec u ##te arbitrary commands via a crafted packet . [SEP]
LRP (+Pred, pos-only)
[CLS] D-Link D IR - 82 ##3 ##G v ##1 . 0 . 2 was found to contain a command inject ion vulnerability in the function Set ##Net ##work ##T ##omo ##graphy Settings . This vulnerability allows attackers to exec u ##te arbitrary commands via a crafted packet . [SEP]
LIME (words)
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
SHAP (words)
D- Link DIR- 823G v1. 0. 2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] D-Link D IR - 82 ##3 ##G v ##1 . 0 . 2 was found to contain a command inject ion vulnerability in the function Set ##Net ##work ##T ##omo ##graphy Settings . This vulnerability allows attackers to exec u ##te arbitrary commands via a crafted packet . [SEP]
LRP (+Pred, pos-only)
[CLS] D-Link D IR - 82 ##3 ##G v ##1 . 0 . 2 was found to contain a command inject ion vulnerability in the function Set ##Net ##work ##T ##omo ##graphy Settings . This vulnerability allows attackers to exec u ##te arbitrary commands via a crafted packet . [SEP]
LIME (words)
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
SHAP (words)
D- Link DIR- 823G v1. 0. 2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet
#11 · cve_id CVE-2022-25850 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁package gi th ub . com / hop p sc o tch / proxy sc o tch ▁before ▁1 . 0 . 0 ▁are ▁vulnerable ▁to Server-side Request Forgery ( SSRF ) ▁when ▁intercept or ▁mode ▁is ▁set ▁to proxy . ▁It ▁occurs ▁when ▁an HTTP ▁request ▁is ▁made ▁by ▁a backend ▁server ▁to ▁an untrusted URL ▁submitted ▁by ▁a ▁user . ▁It ▁leads ▁to ▁a leakage ▁of ▁sensitive ▁in for matio n ▁from ▁the ▁server . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
SHAP (words)
The package github. com/ hoppscotch/ proxyscotch before 1. 0. 0 are vulnerable to Server- side Request Forgery ( SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The package git hub . com / hop ##p sc o ##tch / proxy sc o ##tch before 1 . 0 . 0 are vulnerable to Server-side Request Forgery ( SSRF ) when int er ##ceptor mod e is set to proxy . It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user . It leads to a leakage of sensitive info ##r matio n from the server . [SEP]
LRP (+Pred, pos-only)
[CLS] The package git hub . com / hop ##p sc o ##tch / proxy sc o ##tch before 1 . 0 . 0 are vulnerable to Server-side Request Forgery ( SSRF ) when int er ##ceptor mod e is set to proxy . It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user . It leads to a leakage of sensitive info ##r matio n from the server . [SEP]
LIME (words)
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
SHAP (words)
The package github. com/ hoppscotch/ proxyscotch before 1. 0. 0 are vulnerable to Server- side Request Forgery ( SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The package git hub . com / hop ##p sc o ##tch / proxy sc o ##tch before 1 . 0 . 0 are vulnerable to Server-side Request Forgery ( SSRF ) when int er ##ceptor mod e is set to proxy . It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user . It leads to a leakage of sensitive info ##r matio n from the server . [SEP]
LRP (+Pred, pos-only)
[CLS] The package git hub . com / hop ##p sc o ##tch / proxy sc o ##tch before 1 . 0 . 0 are vulnerable to Server-side Request Forgery ( SSRF ) when int er ##ceptor mod e is set to proxy . It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user . It leads to a leakage of sensitive info ##r matio n from the server . [SEP]
LIME (words)
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
SHAP (words)
The package github. com/ hoppscotch/ proxyscotch before 1. 0. 0 are vulnerable to Server- side Request Forgery ( SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server
#12 · cve_id CVE-2020-27823 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A flaw ▁was ▁found ▁in OpenJPEG s encoder . ▁This flaw ▁allows ▁an ▁attacker ▁to ▁pass spec i ally ▁crafted ▁x y ▁offset ▁input ▁to OpenJPEG ▁to ▁use ▁during ▁encoding . ▁The ▁highest ▁threat ▁from ▁this ▁vulnerability ▁is ▁to confidentiality ▁integrity ▁as ▁well ▁as ▁system ▁availability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.
SHAP (words)
A flaw was found in OpenJPEG’ s encoder. This flaw allows an attacker to pass specially crafted x y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality integrity as well as system availability
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A flaw was found in OpenJPEG s encoder . This flaw allows an attacker to pass spec i ##ally crafted x y offset input to OpenJPEG to use d uri ng encoding . The highest threat from this vulnerability is to confidentiality int e ##g ##rity as well as system availability . [SEP]
LRP (+Pred, pos-only)
[CLS] A flaw was found in OpenJPEG s encoder . This flaw allows an attacker to pass spec i ##ally crafted x y offset input to OpenJPEG to use d uri ng encoding . The highest threat from this vulnerability is to confidentiality int e ##g ##rity as well as system availability . [SEP]
LIME (words)
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.
SHAP (words)
A flaw was found in OpenJPEG’ s encoder. This flaw allows an attacker to pass specially crafted x y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality integrity as well as system availability
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A flaw was found in OpenJPEG s encoder . This flaw allows an attacker to pass spec i ##ally crafted x y offset input to OpenJPEG to use d uri ng encoding . The highest threat from this vulnerability is to confidentiality int e ##g ##rity as well as system availability . [SEP]
LRP (+Pred, pos-only)
[CLS] A flaw was found in OpenJPEG s encoder . This flaw allows an attacker to pass spec i ##ally crafted x y offset input to OpenJPEG to use d uri ng encoding . The highest threat from this vulnerability is to confidentiality int e ##g ##rity as well as system availability . [SEP]
LIME (words)
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.
SHAP (words)
A flaw was found in OpenJPEG’ s encoder. This flaw allows an attacker to pass specially crafted x y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality integrity as well as system availability
#13 · cve_id CVE-2020-12519 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁On ▁Phoenix ▁Contact PLC ▁next ▁Control Devices ▁versions ▁before ▁20 21 . 0 LTS ▁an ▁attacker ▁can ▁use ▁this ▁vulnerability i . e . ▁to ▁open ▁a ▁reverse ▁shell ▁with ▁root ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
SHAP (words)
On Phoenix Contact PLCnext Control Devices versions before 2021. 0 LTS an attacker can use this vulnerability i. e. to open a reverse shell with root privileges
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] On Phoenix Contact PLC next Control Devices versions before 202 ##1 . 0 LTS an attacker can use this vulnerability i . e . to open a reverse shell with root privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] On Phoenix Contact PLC next Control Devices versions before 202 ##1 . 0 LTS an attacker can use this vulnerability i . e . to open a reverse shell with root privileges . [SEP]
LIME (words)
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
SHAP (words)
On Phoenix Contact PLCnext Control Devices versions before 2021. 0 LTS an attacker can use this vulnerability i. e. to open a reverse shell with root privileges
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] On Phoenix Contact PLC next Control Devices versions before 202 ##1 . 0 LTS an attacker can use this vulnerability i . e . to open a reverse shell with root privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] On Phoenix Contact PLC next Control Devices versions before 202 ##1 . 0 LTS an attacker can use this vulnerability i . e . to open a reverse shell with root privileges . [SEP]
LIME (words)
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
SHAP (words)
On Phoenix Contact PLCnext Control Devices versions before 2021. 0 LTS an attacker can use this vulnerability i. e. to open a reverse shell with root privileges
#14 · cve_id CVE-2020-6813 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁When ▁protecting CSS ▁blocks ▁with ▁the nonce ▁feature ▁of ▁Content ▁Security ▁Policy ▁the @ im port ▁statement ▁in ▁the CSS ▁block ▁could ▁allow ▁an ▁attacker ▁to inject ▁arbitrary ▁styles bypassing ▁the ▁intent ▁of ▁the ▁Content ▁Security ▁Policy . ▁This ▁vulnerability ▁affects Firefox ▁< ▁74 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
When protecting CSS blocks with the nonce feature of Content Security Policy the @import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.
SHAP (words)
When protecting CSS blocks with the nonce feature of Content Security Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] When protecting CSS blocks with the nonce feature of Content Se ##c uri t ##y Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the int en ##t of the Content Se ##c uri t ##y Policy . This vulnerability affects Firefox < 74 . [SEP]
LRP (+Pred, pos-only)
[CLS] When protecting CSS blocks with the nonce feature of Content Se ##c uri t ##y Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the int en ##t of the Content Se ##c uri t ##y Policy . This vulnerability affects Firefox < 74 . [SEP]
LIME (words)
When protecting CSS blocks with the nonce feature of Content Security Policy the @import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.
SHAP (words)
When protecting CSS blocks with the nonce feature of Content Security Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] When protecting CSS blocks with the nonce feature of Content Se ##c uri t ##y Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the int en ##t of the Content Se ##c uri t ##y Policy . This vulnerability affects Firefox < 74 . [SEP]
LRP (+Pred, pos-only)
[CLS] When protecting CSS blocks with the nonce feature of Content Se ##c uri t ##y Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the int en ##t of the Content Se ##c uri t ##y Policy . This vulnerability affects Firefox < 74 . [SEP]
LIME (words)
When protecting CSS blocks with the nonce feature of Content Security Policy the @import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.
SHAP (words)
When protecting CSS blocks with the nonce feature of Content Security Policy the @ import statement in the CSS block could allow an attacker to inject arbitrary styles bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74
#15 · cve_id CVE-2021-37098 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Hi link s vc ▁service ▁exists ▁a ▁Data Processing Errors ▁vulnerability . Successful ▁exploitation ▁of ▁this ▁vulnerability ▁may ▁cause ▁application ▁crash . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash.
SHAP (words)
Hilinksvc service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Hi ##link ##s ##v ##c service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash . [SEP]
LRP (+Pred, pos-only)
[CLS] Hi ##link ##s ##v ##c service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash . [SEP]
LIME (words)
Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash.
SHAP (words)
Hilinksvc service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Hi ##link ##s ##v ##c service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash . [SEP]
LRP (+Pred, pos-only)
[CLS] Hi ##link ##s ##v ##c service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash . [SEP]
LIME (words)
Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash.
SHAP (words)
Hilinksvc service exists a Data Processing Errors vulnerability . Successful exploitation of this vulnerability may cause application crash
#16 · cve_id CVE-2023-27647 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁found ▁in ▁D UAL SPA CE ▁Lock ▁Master ▁v . 2 . 2 . 4 ▁allows ▁a ▁local ▁attacker ▁to ▁cause ▁a ▁denial ▁of ▁service ▁or ▁gain ▁sensitive ▁in for matio n ▁via ▁the ▁com . lu d ashi . super lock . util . pre f . Shared ▁Pre f Provider ▁Entry Me tho d : ▁insert ▁of ▁the android . net . U ri . ins ert ▁method . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
SHAP (words)
An issue found in DUALSPACE Lock Master v. 2. 2. 4 allows a local attacker to cause a denial of service or gain sensitive information via the com. ludashi. superlock. util. pref. SharedPrefProviderEntryMethod: insert of the android. net. Uri. insert method
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue found in D UA L ##S PAC E Lock Master v . 2 . 2 . 4 allows a local attacker to cause a denial of service or gain sensitive info ##r matio n via the com . l ##uda ##shi . super ##lock . u ##til . pre ##f . Shared Pre ##f Provider Entry ##M ##eth ##od : insert of the android . net . U ##ri . insert method . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue found in D UA L ##S PAC E Lock Master v . 2 . 2 . 4 allows a local attacker to cause a denial of service or gain sensitive info ##r matio n via the com . l ##uda ##shi . super ##lock . u ##til . pre ##f . Shared Pre ##f Provider Entry ##M ##eth ##od : insert of the android . net . U ##ri . insert method . [SEP]
LIME (words)
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
SHAP (words)
An issue found in DUALSPACE Lock Master v. 2. 2. 4 allows a local attacker to cause a denial of service or gain sensitive information via the com. ludashi. superlock. util. pref. SharedPrefProviderEntryMethod: insert of the android. net. Uri. insert method
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue found in D UA L ##S PAC E Lock Master v . 2 . 2 . 4 allows a local attacker to cause a denial of service or gain sensitive info ##r matio n via the com . l ##uda ##shi . super ##lock . u ##til . pre ##f . Shared Pre ##f Provider Entry ##M ##eth ##od : insert of the android . net . U ##ri . insert method . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue found in D UA L ##S PAC E Lock Master v . 2 . 2 . 4 allows a local attacker to cause a denial of service or gain sensitive info ##r matio n via the com . l ##uda ##shi . super ##lock . u ##til . pre ##f . Shared Pre ##f Provider Entry ##M ##eth ##od : insert of the android . net . U ##ri . insert method . [SEP]
LIME (words)
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
SHAP (words)
An issue found in DUALSPACE Lock Master v. 2. 2. 4 allows a local attacker to cause a denial of service or gain sensitive information via the com. ludashi. superlock. util. pref. SharedPrefProviderEntryMethod: insert of the android. net. Uri. insert method
#17 · cve_id CVE-2019-2975 · ac
GT=HIGH (1)
xlnet · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the ▁Java ▁SE ▁Java ▁SE Embedded ▁product ▁of ▁Oracle ▁Java ▁SE ( com ponent : Scripting ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁Java ▁SE : ▁8 u 221 ▁11 . 0 . 4 ▁and ▁13 ; ▁Java ▁SE Embedded : ▁8 u 221 . Difficult ▁to ▁exploit ▁vulnerability ▁allows unauthenticated ▁attacker ▁with ▁network ▁access ▁via ▁multiple ▁protocols ▁to ▁compromise ▁Java ▁SE ▁Java ▁SE Embedded . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁update ▁insert ▁or delete ▁access ▁to ▁some ▁of ▁Java ▁SE ▁Java ▁SE Embedded acce ssi ble ▁data ▁and unauthorized ▁ability ▁to ▁cause ▁a ▁partial ▁denial ▁of ▁service ( part ial ▁DO S ) ▁of ▁Java ▁SE ▁Java ▁SE Embedded . ▁Note : ▁This ▁vulnerability ▁applies ▁to ▁Java deployments ▁typically ▁in ▁clients ▁running sandboxed ▁Java ▁Web ▁Start ▁applications ▁or sandboxed ▁Java applets ( in ▁Java ▁SE ▁8 ) ▁that ▁load ▁and ▁run untrusted ▁code ( e . g . ▁code ▁that ▁comes ▁from ▁the ▁internet ) ▁and ▁rely ▁on ▁the ▁Java sandbox ▁for ▁security . ▁This ▁vulnerability ▁can ▁also ▁be ▁exploited ▁by ▁using APIs ▁in ▁the spec ified Component e . g . ▁through ▁a ▁web ▁service ▁which ▁supplies ▁data ▁to ▁the APIs . CVSS ▁3 . 0 ▁Base ▁Score ▁4 . 8 ( Integrity ▁and Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : H / PR : N / UI : N / S : U / C : N / I : L / A : L ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE Java SE Embedded. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8) that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
SHAP (words)
Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component: Scripting). Supported versions that are affected are Java SE: 8u221 11. 0. 4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service ( partial DOS) of Java SE Java SE Embedded. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets ( in Java SE 8) that load and run untrusted code ( e. g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e. g. through a web service which supplies data to the APIs. CVSS 3. 0 Base Score 4. 8 ( Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: H/ PR: N/ UI: N/ S: U/ C: N/ I: L/ A: L
lrp-bert · Pred=HIGH (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component : Scripting ) . Supported versions that are affected are Java SE : 8 ##u ##22 ##1 11 . 0 . 4 and 13 ; Java SE Embedded : 8 ##u ##22 ##1 . Difficult to exploit vulnerability allows unauthenticated attacker with network access via m ##ult ip le protocols to compromise Java SE Java SE Embedded . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Java SE Java SE Embedded . Note : This vulnerability applies to Java deployments typically in cli en ##ts running sandboxed Java Web S tar t applications or sandboxed Java applets ( in Java SE 8 ) that load and run untrusted code ( e . g . code that comes from the int er ##net ) and rely on the Java sandbox for se ##c uri t ##y . This vulnerability can also be ex ##p ##lo ite d by using APIs in the spec if ##ied Component e . g . through a web service which supplies data to the APIs . CVSS 3 . 0 Base Score 4 . 8 ( Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : H / PR : N / UI : N / S : U / C : N / I : L / A : L ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component : Scripting ) . Supported versions that are affected are Java SE : 8 ##u ##22 ##1 11 . 0 . 4 and 13 ; Java SE Embedded : 8 ##u ##22 ##1 . Difficult to exploit vulnerability allows unauthenticated attacker with network access via m ##ult ip le protocols to compromise Java SE Java SE Embedded . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Java SE Java SE Embedded . Note : This vulnerability applies to Java deployments typically in cli en ##ts running sandboxed Java Web S tar t applications or sandboxed Java applets ( in Java SE 8 ) that load and run untrusted code ( e . g . code that comes from the int er ##net ) and rely on the Java sandbox for se ##c uri t ##y . This vulnerability can also be ex ##p ##lo ite d by using APIs in the spec if ##ied Component e . g . through a web service which supplies data to the APIs . CVSS 3 . 0 Base Score 4 . 8 ( Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : H / PR : N / UI : N / S : U / C : N / I : L / A : L ) . [SEP]
LIME (words)
Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE Java SE Embedded. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8) that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
SHAP (words)
Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component: Scripting). Supported versions that are affected are Java SE: 8u221 11. 0. 4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service ( partial DOS) of Java SE Java SE Embedded. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets ( in Java SE 8) that load and run untrusted code ( e. g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e. g. through a web service which supplies data to the APIs. CVSS 3. 0 Base Score 4. 8 ( Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: H/ PR: N/ UI: N/ S: U/ C: N/ I: L/ A: L
lrp-distilbert · Pred=HIGH (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component : Scripting ) . Supported versions that are affected are Java SE : 8 ##u ##22 ##1 11 . 0 . 4 and 13 ; Java SE Embedded : 8 ##u ##22 ##1 . Difficult to exploit vulnerability allows unauthenticated attacker with network access via m ##ult ip le protocols to compromise Java SE Java SE Embedded . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Java SE Java SE Embedded . Note : This vulnerability applies to Java deployments typically in cli en ##ts running sandboxed Java Web S tar t applications or sandboxed Java applets ( in Java SE 8 ) that load and run untrusted code ( e . g . code that comes from the int er ##net ) and rely on the Java sandbox for se ##c uri t ##y . This vulnerability can also be ex ##p ##lo ite d by using APIs in the spec if ##ied Component e . g . through a web service which supplies data to the APIs . CVSS 3 . 0 Base Score 4 . 8 ( Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : H / PR : N / UI : N / S : U / C : N / I : L / A : L ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component : Scripting ) . Supported versions that are affected are Java SE : 8 ##u ##22 ##1 11 . 0 . 4 and 13 ; Java SE Embedded : 8 ##u ##22 ##1 . Difficult to exploit vulnerability allows unauthenticated attacker with network access via m ##ult ip le protocols to compromise Java SE Java SE Embedded . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Java SE Java SE Embedded . Note : This vulnerability applies to Java deployments typically in cli en ##ts running sandboxed Java Web S tar t applications or sandboxed Java applets ( in Java SE 8 ) that load and run untrusted code ( e . g . code that comes from the int er ##net ) and rely on the Java sandbox for se ##c uri t ##y . This vulnerability can also be ex ##p ##lo ite d by using APIs in the spec if ##ied Component e . g . through a web service which supplies data to the APIs . CVSS 3 . 0 Base Score 4 . 8 ( Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : H / PR : N / UI : N / S : U / C : N / I : L / A : L ) . [SEP]
LIME (words)
Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE Java SE Embedded. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8) that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
SHAP (words)
Vulnerability in the Java SE Java SE Embedded product of Oracle Java SE ( component: Scripting). Supported versions that are affected are Java SE: 8u221 11. 0. 4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Java SE Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service ( partial DOS) of Java SE Java SE Embedded. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets ( in Java SE 8) that load and run untrusted code ( e. g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e. g. through a web service which supplies data to the APIs. CVSS 3. 0 Base Score 4. 8 ( Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: H/ PR: N/ UI: N/ S: U/ C: N/ I: L/ A: L
#18 · cve_id CVE-2019-20630 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in lib g pac . a ▁in GPAC ▁before ▁0 . 8 . 0 ▁as ▁demonstrated ▁by ▁MP 4 Box . ▁It ▁contains ▁a heap-based ▁buffer over-read ▁in BS _ Read By te ( called ▁from g f _ bs _ read _ bit ) ▁in util s / bit stream . c ▁that ▁can ▁cause ▁a ▁denial ▁of ▁service ▁via ▁a ▁crafted ▁MP 4 ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in libgpac.a in GPAC before 0.8.0 as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
SHAP (words)
An issue was discovered in libgpac. a in GPAC before 0. 8. 0 as demonstrated by MP4Box. It contains a heap- based buffer over- read in BS_ReadByte ( called from gf_bs_read_bit) in utils/ bitstream. c that can cause a denial of service via a crafted MP4 file
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in l ##ib ##g ##pa ##c . a in GPAC before 0 . 8 . 0 as demonstrated by MP ##4 ##B ##ox . It contains a heap-based buffer over-read in BS _ Read ##B ##yte ( called from g ##f _ b ##s _ read _ bit ) in u ##til ##s / bits ##tre ##am . c that can cause a denial of service via a crafted MP ##4 file . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in l ##ib ##g ##pa ##c . a in GPAC before 0 . 8 . 0 as demonstrated by MP ##4 ##B ##ox . It contains a heap-based buffer over-read in BS _ Read ##B ##yte ( called from g ##f _ b ##s _ read _ bit ) in u ##til ##s / bits ##tre ##am . c that can cause a denial of service via a crafted MP ##4 file . [SEP]
LIME (words)
An issue was discovered in libgpac.a in GPAC before 0.8.0 as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
SHAP (words)
An issue was discovered in libgpac. a in GPAC before 0. 8. 0 as demonstrated by MP4Box. It contains a heap- based buffer over- read in BS_ReadByte ( called from gf_bs_read_bit) in utils/ bitstream. c that can cause a denial of service via a crafted MP4 file
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in l ##ib ##g ##pa ##c . a in GPAC before 0 . 8 . 0 as demonstrated by MP ##4 ##B ##ox . It contains a heap-based buffer over-read in BS _ Read ##B ##yte ( called from g ##f _ b ##s _ read _ bit ) in u ##til ##s / bits ##tre ##am . c that can cause a denial of service via a crafted MP ##4 file . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in l ##ib ##g ##pa ##c . a in GPAC before 0 . 8 . 0 as demonstrated by MP ##4 ##B ##ox . It contains a heap-based buffer over-read in BS _ Read ##B ##yte ( called from g ##f _ b ##s _ read _ bit ) in u ##til ##s / bits ##tre ##am . c that can cause a denial of service via a crafted MP ##4 file . [SEP]
LIME (words)
An issue was discovered in libgpac.a in GPAC before 0.8.0 as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
SHAP (words)
An issue was discovered in libgpac. a in GPAC before 0. 8. 0 as demonstrated by MP4Box. It contains a heap- based buffer over- read in BS_ReadByte ( called from gf_bs_read_bit) in utils/ bitstream. c that can cause a denial of service via a crafted MP4 file
#19 · cve_id CVE-2020-6390 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Out ▁of ▁bound s ▁memory ▁access ▁in ▁streams ▁in ▁Google Chrome ▁prior ▁to ▁80 . 0 . 39 87 . 87 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Out of bounds memory access in streams in Google Chrome prior to 80. 0. 3987. 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Out of bounds memory access in streams in Google Chrome prior to 80 . 0 . 39 ##8 ##7 . 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Out of bounds memory access in streams in Google Chrome prior to 80 . 0 . 39 ##8 ##7 . 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Out of bounds memory access in streams in Google Chrome prior to 80. 0. 3987. 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Out of bounds memory access in streams in Google Chrome prior to 80 . 0 . 39 ##8 ##7 . 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Out of bounds memory access in streams in Google Chrome prior to 80 . 0 . 39 ##8 ##7 . 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Out of bounds memory access in streams in Google Chrome prior to 80. 0. 3987. 87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
#20 · cve_id CVE-2020-7974 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
GitLab EE ▁10 . 1 ▁through ▁12 . 7 . 2 ▁allows ▁In for matio n Disclosure . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
SHAP (words)
GitLab EE 10. 1 through 12. 7. 2 allows Information Disclosure
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] GitLab EE 10 . 1 through 12 . 7 . 2 allows In ##fo ##r matio n Disclosure . [SEP]
LRP (+Pred, pos-only)
[CLS] GitLab EE 10 . 1 through 12 . 7 . 2 allows In ##fo ##r matio n Disclosure . [SEP]
LIME (words)
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
SHAP (words)
GitLab EE 10. 1 through 12. 7. 2 allows Information Disclosure
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] GitLab EE 10 . 1 through 12 . 7 . 2 allows In ##fo ##r matio n Disclosure . [SEP]
LRP (+Pred, pos-only)
[CLS] GitLab EE 10 . 1 through 12 . 7 . 2 allows In ##fo ##r matio n Disclosure . [SEP]
LIME (words)
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
SHAP (words)
GitLab EE 10. 1 through 12. 7. 2 allows Information Disclosure
#21 · cve_id CVE-2021-37154 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁For ge Rock ▁Access Manage ment ( AM ) ▁before ▁7 . 0 . 2 ▁the SAML ▁2 ▁implementation ▁allows ▁XML inject ion ▁potentially ▁enabling ▁a ▁fraudulent SAML ▁2 . 0 ▁assertion . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In ForgeRock Access Management (AM) before 7.0.2 the SAML2 implementation allows XML injection potentially enabling a fraudulent SAML 2.0 assertion.
SHAP (words)
In ForgeRock Access Management ( AM) before 7. 0. 2 the SAML2 implementation allows XML injection potentially enabling a fraudulent SAML 2. 0 assertion
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In For ##ge ##R ##ock Access Manage men ##t ( AM ) before 7 . 0 . 2 the SAML 2 implementation allows XML inject ion potentially enabling a fraud ##ulent SAML 2 . 0 assertion . [SEP]
LRP (+Pred, pos-only)
[CLS] In For ##ge ##R ##ock Access Manage men ##t ( AM ) before 7 . 0 . 2 the SAML 2 implementation allows XML inject ion potentially enabling a fraud ##ulent SAML 2 . 0 assertion . [SEP]
LIME (words)
In ForgeRock Access Management (AM) before 7.0.2 the SAML2 implementation allows XML injection potentially enabling a fraudulent SAML 2.0 assertion.
SHAP (words)
In ForgeRock Access Management ( AM) before 7. 0. 2 the SAML2 implementation allows XML injection potentially enabling a fraudulent SAML 2. 0 assertion
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In For ##ge ##R ##ock Access Manage men ##t ( AM ) before 7 . 0 . 2 the SAML 2 implementation allows XML inject ion potentially enabling a fraud ##ulent SAML 2 . 0 assertion . [SEP]
LRP (+Pred, pos-only)
[CLS] In For ##ge ##R ##ock Access Manage men ##t ( AM ) before 7 . 0 . 2 the SAML 2 implementation allows XML inject ion potentially enabling a fraud ##ulent SAML 2 . 0 assertion . [SEP]
LIME (words)
In ForgeRock Access Management (AM) before 7.0.2 the SAML2 implementation allows XML injection potentially enabling a fraudulent SAML 2.0 assertion.
SHAP (words)
In ForgeRock Access Management ( AM) before 7. 0. 2 the SAML2 implementation allows XML injection potentially enabling a fraudulent SAML 2. 0 assertion
#22 · cve_id CVE-2020-25117 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The Admin CP ▁in vBulletin ▁5 . 6 . 3 ▁allows XSS ▁via ▁a ▁Junior ▁Member ▁Title ▁to User ▁Title Manage r . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
SHAP (words)
The Admin CP in vBulletin 5. 6. 3 allows XSS via a Junior Member Title to User Title Manager
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Admin CP in vBulletin 5 . 6 . 3 allows XSS via a Junior Member Title to User Title Manage r . [SEP]
LRP (+Pred, pos-only)
[CLS] The Admin CP in vBulletin 5 . 6 . 3 allows XSS via a Junior Member Title to User Title Manage r . [SEP]
LIME (words)
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
SHAP (words)
The Admin CP in vBulletin 5. 6. 3 allows XSS via a Junior Member Title to User Title Manager
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Admin CP in vBulletin 5 . 6 . 3 allows XSS via a Junior Member Title to User Title Manage r . [SEP]
LRP (+Pred, pos-only)
[CLS] The Admin CP in vBulletin 5 . 6 . 3 allows XSS via a Junior Member Title to User Title Manage r . [SEP]
LIME (words)
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
SHAP (words)
The Admin CP in vBulletin 5. 6. 3 allows XSS via a Junior Member Title to User Title Manager
#23 · cve_id CVE-2022-45588 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁All ▁versions ▁before ▁R 20 22 - 09 ▁of ▁Tal end ' s Remote ▁Engine ▁Gen ▁2 ▁are ▁potentially ▁vulnerable ▁to ▁XML ▁External Entity ( XXE ) ▁type ▁of ▁attacks . User s ▁should ▁download ▁the ▁R 20 22 - 09 ▁release ▁or ▁later ▁and ▁use ▁it ▁in ▁place ▁of ▁the ▁previous ▁version . ▁Tal end Remote ▁Engine ▁Gen ▁1 ▁and ▁Tal end ▁Cloud ▁Engine ▁for ▁Design ▁are ▁not ▁impacted . ▁This XXE ▁vulnerability ▁could ▁only ▁be ▁exploited ▁by ▁someone ▁with ▁the ▁appropriate ▁rights ▁to ▁edit pipelines ▁on ▁the ▁Tal end ▁platform . ▁It ▁could ▁not ▁be ▁triggered ▁remotely ▁or ▁by ▁other ▁user ▁input . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
SHAP (words)
All versions before R2022- 09 of Talend' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE) type of attacks. Users should download the R2022- 09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] All versions before R ##20 ##22 - 09 of Tale ##nd ' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE ) type of attacks . User s should download the R ##20 ##22 - 09 release or later and use it in place of the previous version . Tale ##nd Remote Engine Gen 1 and Tale ##nd Cloud Engine for Design are not impacted . This XXE vulnerability could only be ex ##p ##lo ite d by someone with the appropriate rights to edit pipelines on the Tale ##nd platform . It could not be triggered remotely or by other user input . [SEP]
LRP (+Pred, pos-only)
[CLS] All versions before R ##20 ##22 - 09 of Tale ##nd ' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE ) type of attacks . User s should download the R ##20 ##22 - 09 release or later and use it in place of the previous version . Tale ##nd Remote Engine Gen 1 and Tale ##nd Cloud Engine for Design are not impacted . This XXE vulnerability could only be ex ##p ##lo ite d by someone with the appropriate rights to edit pipelines on the Tale ##nd platform . It could not be triggered remotely or by other user input . [SEP]
LIME (words)
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
SHAP (words)
All versions before R2022- 09 of Talend' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE) type of attacks. Users should download the R2022- 09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] All versions before R ##20 ##22 - 09 of Tale ##nd ' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE ) type of attacks . User s should download the R ##20 ##22 - 09 release or later and use it in place of the previous version . Tale ##nd Remote Engine Gen 1 and Tale ##nd Cloud Engine for Design are not impacted . This XXE vulnerability could only be ex ##p ##lo ite d by someone with the appropriate rights to edit pipelines on the Tale ##nd platform . It could not be triggered remotely or by other user input . [SEP]
LRP (+Pred, pos-only)
[CLS] All versions before R ##20 ##22 - 09 of Tale ##nd ' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE ) type of attacks . User s should download the R ##20 ##22 - 09 release or later and use it in place of the previous version . Tale ##nd Remote Engine Gen 1 and Tale ##nd Cloud Engine for Design are not impacted . This XXE vulnerability could only be ex ##p ##lo ite d by someone with the appropriate rights to edit pipelines on the Tale ##nd platform . It could not be triggered remotely or by other user input . [SEP]
LIME (words)
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
SHAP (words)
All versions before R2022- 09 of Talend' s Remote Engine Gen 2 are potentially vulnerable to XML External Entity ( XXE) type of attacks. Users should download the R2022- 09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input
#24 · cve_id CVE-2024-21622 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Craft ▁is ▁a ▁content ▁man a gem ent ▁system . ▁This ▁is ▁a ▁potential ▁moderate ▁impact ▁low ▁complexity ▁privilege escalation ▁vulnerability ▁in Craft ▁starting ▁in ▁3 . x ▁prior ▁to ▁3 . 9 . 6 ▁and ▁4 . x ▁prior ▁to ▁4 . 4 . 16 ▁with ▁certain ▁user permissions setups . ▁This ▁has ▁been ▁fixed ▁in Craft ▁4 . 4 . 16 ▁and Craft ▁3 . 9 . 6 . User s ▁should ▁ensure ▁they ▁are ▁running ▁at ▁least ▁those ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Craft is a content management system. This is a potential moderate impact low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
SHAP (words)
Craft is a content management system. This is a potential moderate impact low complexity privilege escalation vulnerability in Craft starting in 3. x prior to 3. 9. 6 and 4. x prior to 4. 4. 16 with certain user permissions setups. This has been fixed in Craft 4. 4. 16 and Craft 3. 9. 6. Users should ensure they are running at least those versions
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Craft is a content man ##a gem en ##t system . This is a potential mod era ##te impact low complexity privilege escalation vulnerability in Craft s tar tin ##g in 3 . x prior to 3 . 9 . 6 and 4 . x prior to 4 . 4 . 16 with certain user permissions setups . This has been fixed in Craft 4 . 4 . 16 and Craft 3 . 9 . 6 . User s should ensure they are running at least those versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Craft is a content man ##a gem en ##t system . This is a potential mod era ##te impact low complexity privilege escalation vulnerability in Craft s tar tin ##g in 3 . x prior to 3 . 9 . 6 and 4 . x prior to 4 . 4 . 16 with certain user permissions setups . This has been fixed in Craft 4 . 4 . 16 and Craft 3 . 9 . 6 . User s should ensure they are running at least those versions . [SEP]
LIME (words)
Craft is a content management system. This is a potential moderate impact low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
SHAP (words)
Craft is a content management system. This is a potential moderate impact low complexity privilege escalation vulnerability in Craft starting in 3. x prior to 3. 9. 6 and 4. x prior to 4. 4. 16 with certain user permissions setups. This has been fixed in Craft 4. 4. 16 and Craft 3. 9. 6. Users should ensure they are running at least those versions
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Craft is a content man ##a gem en ##t system . This is a potential mod era ##te impact low complexity privilege escalation vulnerability in Craft s tar tin ##g in 3 . x prior to 3 . 9 . 6 and 4 . x prior to 4 . 4 . 16 with certain user permissions setups . This has been fixed in Craft 4 . 4 . 16 and Craft 3 . 9 . 6 . User s should ensure they are running at least those versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Craft is a content man ##a gem en ##t system . This is a potential mod era ##te impact low complexity privilege escalation vulnerability in Craft s tar tin ##g in 3 . x prior to 3 . 9 . 6 and 4 . x prior to 4 . 4 . 16 with certain user permissions setups . This has been fixed in Craft 4 . 4 . 16 and Craft 3 . 9 . 6 . User s should ensure they are running at least those versions . [SEP]
LIME (words)
Craft is a content management system. This is a potential moderate impact low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
SHAP (words)
Craft is a content management system. This is a potential moderate impact low complexity privilege escalation vulnerability in Craft starting in 3. x prior to 3. 9. 6 and 4. x prior to 4. 4. 16 with certain user permissions setups. This has been fixed in Craft 4. 4. 16 and Craft 3. 9. 6. Users should ensure they are running at least those versions
#25 · cve_id CVE-2022-0452 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Use ▁after ▁free ▁in ▁Safe Browsing ▁in ▁Google Chrome ▁prior ▁to ▁98 . 0 . 47 58 . 80 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁perform ▁a sandbox e sc ▁a pe ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
SHAP (words)
Use after free in Safe Browsing in Google Chrome prior to 98. 0. 4758. 80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Use after free in Safe Browsing in Google Chrome prior to 98 . 0 . 47 ##5 ##8 . 80 allowed a remote attacker to potentially perform a sandbox e sc a ##pe via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Use after free in Safe Browsing in Google Chrome prior to 98 . 0 . 47 ##5 ##8 . 80 allowed a remote attacker to potentially perform a sandbox e sc a ##pe via a crafted HTML page . [SEP]
LIME (words)
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
SHAP (words)
Use after free in Safe Browsing in Google Chrome prior to 98. 0. 4758. 80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Use after free in Safe Browsing in Google Chrome prior to 98 . 0 . 47 ##5 ##8 . 80 allowed a remote attacker to potentially perform a sandbox e sc a ##pe via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Use after free in Safe Browsing in Google Chrome prior to 98 . 0 . 47 ##5 ##8 . 80 allowed a remote attacker to potentially perform a sandbox e sc a ##pe via a crafted HTML page . [SEP]
LIME (words)
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
SHAP (words)
Use after free in Safe Browsing in Google Chrome prior to 98. 0. 4758. 80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page
#26 · cve_id CVE-2020-14304 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁memory ▁di sc los ure flaw ▁was ▁found ▁in ▁the ▁Linux ▁kernel ' s ether net ▁drivers ▁in ▁the ▁way ▁it ▁read ▁data ▁from ▁the ▁E EP ROM ▁of ▁the ▁device . ▁This flaw ▁allows ▁a ▁local ▁user ▁to ▁read uninitialized ▁values ▁from ▁the ▁kernel ▁memory . ▁The ▁highest ▁threat ▁from ▁this ▁vulnerability ▁is ▁to confidentiality . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A memory disclosure flaw was found in the Linux kernel's ethernet drivers in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
SHAP (words)
A memory disclosure flaw was found in the Linux kernel' s ethernet drivers in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A memory di sc los ##ure flaw was found in the Linux kernel ' s et ##her ##net drivers in the way it read data from the EE PRO M of the dev ice . This flaw allows a local user to read uninitialized values from the kernel memory . The highest threat from this vulnerability is to confidentiality . [SEP]
LRP (+Pred, pos-only)
[CLS] A memory di sc los ##ure flaw was found in the Linux kernel ' s et ##her ##net drivers in the way it read data from the EE PRO M of the dev ice . This flaw allows a local user to read uninitialized values from the kernel memory . The highest threat from this vulnerability is to confidentiality . [SEP]
LIME (words)
A memory disclosure flaw was found in the Linux kernel's ethernet drivers in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
SHAP (words)
A memory disclosure flaw was found in the Linux kernel' s ethernet drivers in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A memory di sc los ##ure flaw was found in the Linux kernel ' s et ##her ##net drivers in the way it read data from the EE PRO M of the dev ice . This flaw allows a local user to read uninitialized values from the kernel memory . The highest threat from this vulnerability is to confidentiality . [SEP]
LRP (+Pred, pos-only)
[CLS] A memory di sc los ##ure flaw was found in the Linux kernel ' s et ##her ##net drivers in the way it read data from the EE PRO M of the dev ice . This flaw allows a local user to read uninitialized values from the kernel memory . The highest threat from this vulnerability is to confidentiality . [SEP]
LIME (words)
A memory disclosure flaw was found in the Linux kernel's ethernet drivers in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
SHAP (words)
A memory disclosure flaw was found in the Linux kernel' s ethernet drivers in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality
#27 · cve_id CVE-2022-33712 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Intent redirection ▁vulnerability ▁using ▁imp lic t ▁intent ▁in ▁Camera ▁prior ▁to ▁versions ▁12 . 0 . 01 . 64 ▁12 . 0 . 3 . 23 ▁12 . 0 . 0 . 98 ▁12 . 0 . 6 . 11 ▁12 . 0 . 3 . 19 ▁in ▁Android S ( 12 ) ▁allows ▁attacker ▁to ▁get ▁sensitive ▁in for matio n . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 12.0.3.23 12.0.0.98 12.0.6.11 12.0.3.19 in Android S(12) allows attacker to get sensitive information.
SHAP (words)
Intent redirection vulnerability using implict intent in Camera prior to versions 12. 0. 01. 64 12. 0. 3. 23 12. 0. 0. 98 12. 0. 6. 11 12. 0. 3. 19 in Android S( 12) allows attacker to get sensitive information
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Intent redirection vulnerability using imp ##lic ##t int en ##t in Camera prior to versions 12 . 0 . 01 . 64 12 . 0 . 3 . 23 12 . 0 . 0 . 98 12 . 0 . 6 . 11 12 . 0 . 3 . 19 in Android S ( 12 ) allows attacker to get sensitive info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] Intent redirection vulnerability using imp ##lic ##t int en ##t in Camera prior to versions 12 . 0 . 01 . 64 12 . 0 . 3 . 23 12 . 0 . 0 . 98 12 . 0 . 6 . 11 12 . 0 . 3 . 19 in Android S ( 12 ) allows attacker to get sensitive info ##r matio n . [SEP]
LIME (words)
Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 12.0.3.23 12.0.0.98 12.0.6.11 12.0.3.19 in Android S(12) allows attacker to get sensitive information.
SHAP (words)
Intent redirection vulnerability using implict intent in Camera prior to versions 12. 0. 01. 64 12. 0. 3. 23 12. 0. 0. 98 12. 0. 6. 11 12. 0. 3. 19 in Android S( 12) allows attacker to get sensitive information
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Intent redirection vulnerability using imp ##lic ##t int en ##t in Camera prior to versions 12 . 0 . 01 . 64 12 . 0 . 3 . 23 12 . 0 . 0 . 98 12 . 0 . 6 . 11 12 . 0 . 3 . 19 in Android S ( 12 ) allows attacker to get sensitive info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] Intent redirection vulnerability using imp ##lic ##t int en ##t in Camera prior to versions 12 . 0 . 01 . 64 12 . 0 . 3 . 23 12 . 0 . 0 . 98 12 . 0 . 6 . 11 12 . 0 . 3 . 19 in Android S ( 12 ) allows attacker to get sensitive info ##r matio n . [SEP]
LIME (words)
Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 12.0.3.23 12.0.0.98 12.0.6.11 12.0.3.19 in Android S(12) allows attacker to get sensitive information.
SHAP (words)
Intent redirection vulnerability using implict intent in Camera prior to versions 12. 0. 01. 64 12. 0. 3. 23 12. 0. 0. 98 12. 0. 6. 11 12. 0. 3. 19 in Android S( 12) allows attacker to get sensitive information
#28 · cve_id CVE-2023-49060 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁attacker ▁could ▁have ▁accessed ▁internal ▁pages ▁or ▁data ▁by ▁ex - fil t rating ▁a ▁security ▁key ▁from ▁Reader Mo de ▁via ▁the ▁` referrer ▁policy ` ▁attribute . ▁This ▁vulnerability ▁affects Firefox ▁for ▁iOS ▁< ▁120 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
SHAP (words)
An attacker could have accessed internal pages or data by ex- filtrating a security key from ReaderMode via the ` referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An attacker could have accessed int er ##nal pages or data by ex - fi ##lt ##rating a se ##c uri t ##y key from Reader ##M ##ode via the ` referrer policy ` attribute . This vulnerability affects Firefox for iOS < 120 . [SEP]
LRP (+Pred, pos-only)
[CLS] An attacker could have accessed int er ##nal pages or data by ex - fi ##lt ##rating a se ##c uri t ##y key from Reader ##M ##ode via the ` referrer policy ` attribute . This vulnerability affects Firefox for iOS < 120 . [SEP]
LIME (words)
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
SHAP (words)
An attacker could have accessed internal pages or data by ex- filtrating a security key from ReaderMode via the ` referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An attacker could have accessed int er ##nal pages or data by ex - fi ##lt ##rating a se ##c uri t ##y key from Reader ##M ##ode via the ` referrer policy ` attribute . This vulnerability affects Firefox for iOS < 120 . [SEP]
LRP (+Pred, pos-only)
[CLS] An attacker could have accessed int er ##nal pages or data by ex - fi ##lt ##rating a se ##c uri t ##y key from Reader ##M ##ode via the ` referrer policy ` attribute . This vulnerability affects Firefox for iOS < 120 . [SEP]
LIME (words)
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
SHAP (words)
An attacker could have accessed internal pages or data by ex- filtrating a security key from ReaderMode via the ` referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120
#29 · cve_id CVE-2023-23659 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-Site Request Forgery ( CSRF ) ▁vulnerability ▁in ▁Main WP ▁Mat omo ▁Extension ▁< = ▁4 . 0 . 4 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in MainWP Matomo Extension <= 4. 0. 4 versions
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Main WP Mat ##omo Extension < = 4 . 0 . 4 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Main WP Mat ##omo Extension < = 4 . 0 . 4 versions . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in MainWP Matomo Extension <= 4. 0. 4 versions
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Main WP Mat ##omo Extension < = 4 . 0 . 4 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Main WP Mat ##omo Extension < = 4 . 0 . 4 versions . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in MainWP Matomo Extension <= 4. 0. 4 versions
#30 · cve_id CVE-2022-4008 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁affected ▁versions ▁of Octopus Deploy ▁it ▁is ▁po ssi ble ▁to upload ▁a ▁zip bomb ▁file ▁as ▁a ▁task ▁which ▁results ▁in Denial ▁of ▁Service <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
SHAP (words)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In affected versions of Octopus Deploy it is p ##o ssi b ##le to upload a zip bomb file as a task which results in Denial of Service [SEP]
LRP (+Pred, pos-only)
[CLS] In affected versions of Octopus Deploy it is p ##o ssi b ##le to upload a zip bomb file as a task which results in Denial of Service [SEP]
LIME (words)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
SHAP (words)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In affected versions of Octopus Deploy it is p ##o ssi b ##le to upload a zip bomb file as a task which results in Denial of Service [SEP]
LRP (+Pred, pos-only)
[CLS] In affected versions of Octopus Deploy it is p ##o ssi b ##le to upload a zip bomb file as a task which results in Denial of Service [SEP]
LIME (words)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
SHAP (words)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
#31 · cve_id CVE-2022-3885 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Use ▁after ▁free ▁in ▁V 8 ▁in ▁Google Chrome ▁prior ▁to ▁107 . 0 . 530 4 . 10 6 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁a ▁crafted HTML ▁page . ( Chromium ▁security ▁severity : ▁High ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
SHAP (words)
Use after free in V8 in Google Chrome prior to 107. 0. 5304. 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ( Chromium security severity: High
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Use after free in V8 in Google Chrome prior to 107 . 0 . 530 ##4 . 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LRP (+Pred, pos-only)
[CLS] Use after free in V8 in Google Chrome prior to 107 . 0 . 530 ##4 . 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LIME (words)
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
SHAP (words)
Use after free in V8 in Google Chrome prior to 107. 0. 5304. 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ( Chromium security severity: High
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Use after free in V8 in Google Chrome prior to 107 . 0 . 530 ##4 . 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LRP (+Pred, pos-only)
[CLS] Use after free in V8 in Google Chrome prior to 107 . 0 . 530 ##4 . 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LIME (words)
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
SHAP (words)
Use after free in V8 in Google Chrome prior to 107. 0. 5304. 106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ( Chromium security severity: High
#32 · cve_id CVE-2015-10107 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in ▁Sim pl r Registration ▁Form ▁Plus + Plugin ▁up ▁to ▁2 . 3 . 4 ▁on WordPress ▁and cla ssi fi ed ▁as ▁problematic . ▁This ▁issue ▁affects ▁some ▁unknown ▁pro ce ssi ng . ▁The ▁manipulation ▁leads ▁to ▁cross ▁site scripting . ▁The ▁attack ▁may ▁be init iated ▁remotely . ▁Up grad ing ▁to ▁version ▁2 . 3 . 5 ▁is ▁able ▁to ▁address ▁this ▁issue . ▁The identifier ▁of ▁the ▁patch ▁is d 5 88 44 68 44 d d 49 232 ab 400 ef 213 ff 5 b 92 12 1 c 33 e . ▁It ▁is ▁recommended ▁to ▁upgrade ▁the ▁affected ▁component . ▁The identifier ▁V DB - 23 01 53 ▁was ▁a ssi gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.
SHAP (words)
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2. 3. 4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2. 3. 5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB- 230153 was assigned to this vulnerability
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in Si ##mp ##l ##r Registration Form Plus + Plugin up to 2 . 3 . 4 on WordPress and c ##la ssi fi ##ed as problematic . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to cross s ite scripting . The attack may be init i ##ated remotely . Up ##grading to version 2 . 3 . 5 is able to address this issue . The identifier of the patch is d ##5 ##8 ##8 ##44 ##6 ##8 ##44 ##dd ##4 ##9 ##23 ##2 ##ab ##40 ##0 ##ef ##21 ##3 ##ff ##5 ##b ##9 ##21 ##21 ##c ##33 ##e . It is recommended to upgrade the affected component . The identifier V ##D ##B - 230 ##15 ##3 was a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in Si ##mp ##l ##r Registration Form Plus + Plugin up to 2 . 3 . 4 on WordPress and c ##la ssi fi ##ed as problematic . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to cross s ite scripting . The attack may be init i ##ated remotely . Up ##grading to version 2 . 3 . 5 is able to address this issue . The identifier of the patch is d ##5 ##8 ##8 ##44 ##6 ##8 ##44 ##dd ##4 ##9 ##23 ##2 ##ab ##40 ##0 ##ef ##21 ##3 ##ff ##5 ##b ##9 ##21 ##21 ##c ##33 ##e . It is recommended to upgrade the affected component . The identifier V ##D ##B - 230 ##15 ##3 was a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.
SHAP (words)
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2. 3. 4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2. 3. 5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB- 230153 was assigned to this vulnerability
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in Si ##mp ##l ##r Registration Form Plus + Plugin up to 2 . 3 . 4 on WordPress and c ##la ssi fi ##ed as problematic . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to cross s ite scripting . The attack may be init i ##ated remotely . Up ##grading to version 2 . 3 . 5 is able to address this issue . The identifier of the patch is d ##5 ##8 ##8 ##44 ##6 ##8 ##44 ##dd ##4 ##9 ##23 ##2 ##ab ##40 ##0 ##ef ##21 ##3 ##ff ##5 ##b ##9 ##21 ##21 ##c ##33 ##e . It is recommended to upgrade the affected component . The identifier V ##D ##B - 230 ##15 ##3 was a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in Si ##mp ##l ##r Registration Form Plus + Plugin up to 2 . 3 . 4 on WordPress and c ##la ssi fi ##ed as problematic . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to cross s ite scripting . The attack may be init i ##ated remotely . Up ##grading to version 2 . 3 . 5 is able to address this issue . The identifier of the patch is d ##5 ##8 ##8 ##44 ##6 ##8 ##44 ##dd ##4 ##9 ##23 ##2 ##ab ##40 ##0 ##ef ##21 ##3 ##ff ##5 ##b ##9 ##21 ##21 ##c ##33 ##e . It is recommended to upgrade the affected component . The identifier V ##D ##B - 230 ##15 ##3 was a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.
SHAP (words)
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2. 3. 4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2. 3. 5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB- 230153 was assigned to this vulnerability
#33 · cve_id CVE-2019-19480 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in OpenSC ▁through ▁0 . 19 . 0 ▁and ▁0 . 20 . x ▁through ▁0 . 20 . 0 - rc 3 . lib open sc / p k c s 15 - pr key . c ▁has ▁an ▁incorrect ▁free ▁operation ▁in sc ▁_ p k c s 15 _ decode ▁_ pr k d f _ entry . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
SHAP (words)
An issue was discovered in OpenSC through 0. 19. 0 and 0. 20. x through 0. 20. 0- rc3. libopensc/ pkcs15- prkey. c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in OpenSC through 0 . 19 . 0 and 0 . 20 . x through 0 . 20 . 0 - r ##c ##3 . l ##ib ##ope ##n sc / p ##k ##cs ##15 - p ##rk ##ey . c has an incorrect free operation in sc _ p ##k ##cs ##15 _ decode _ p ##rk ##d ##f _ entry . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in OpenSC through 0 . 19 . 0 and 0 . 20 . x through 0 . 20 . 0 - r ##c ##3 . l ##ib ##ope ##n sc / p ##k ##cs ##15 - p ##rk ##ey . c has an incorrect free operation in sc _ p ##k ##cs ##15 _ decode _ p ##rk ##d ##f _ entry . [SEP]
LIME (words)
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
SHAP (words)
An issue was discovered in OpenSC through 0. 19. 0 and 0. 20. x through 0. 20. 0- rc3. libopensc/ pkcs15- prkey. c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in OpenSC through 0 . 19 . 0 and 0 . 20 . x through 0 . 20 . 0 - r ##c ##3 . l ##ib ##ope ##n sc / p ##k ##cs ##15 - p ##rk ##ey . c has an incorrect free operation in sc _ p ##k ##cs ##15 _ decode _ p ##rk ##d ##f _ entry . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in OpenSC through 0 . 19 . 0 and 0 . 20 . x through 0 . 20 . 0 - r ##c ##3 . l ##ib ##ope ##n sc / p ##k ##cs ##15 - p ##rk ##ey . c has an incorrect free operation in sc _ p ##k ##cs ##15 _ decode _ p ##rk ##d ##f _ entry . [SEP]
LIME (words)
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
SHAP (words)
An issue was discovered in OpenSC through 0. 19. 0 and 0. 20. x through 0. 20. 0- rc3. libopensc/ pkcs15- prkey. c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry
#34 · cve_id CVE-2023-44001 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁in ▁Ai land ▁clinic ▁mini - app ▁on ▁Line ▁v 13 . 6 . 1 ▁allows ▁attackers ▁to ▁send ▁crafted malicious notifications ▁via leakage ▁of ▁the ▁channel ▁access ▁token . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
SHAP (words)
An issue in Ailand clinic mini- app on Line v13. 6. 1 allows attackers to send crafted malicious notifications via leakage of the channel access token
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue in Ai ##land cli ni ##c mini - app on Line v ##13 . 6 . 1 allows attackers to send crafted malicious notifications via leakage of the channel access token . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue in Ai ##land cli ni ##c mini - app on Line v ##13 . 6 . 1 allows attackers to send crafted malicious notifications via leakage of the channel access token . [SEP]
LIME (words)
An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
SHAP (words)
An issue in Ailand clinic mini- app on Line v13. 6. 1 allows attackers to send crafted malicious notifications via leakage of the channel access token
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue in Ai ##land cli ni ##c mini - app on Line v ##13 . 6 . 1 allows attackers to send crafted malicious notifications via leakage of the channel access token . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue in Ai ##land cli ni ##c mini - app on Line v ##13 . 6 . 1 allows attackers to send crafted malicious notifications via leakage of the channel access token . [SEP]
LIME (words)
An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
SHAP (words)
An issue in Ailand clinic mini- app on Line v13. 6. 1 allows attackers to send crafted malicious notifications via leakage of the channel access token
#35 · cve_id CVE-2022-41891 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
TensorFlow ▁is ▁an ▁open ▁source ▁platform ▁for ▁machine ▁learning . ▁If ▁` t f . raw _ ops . T ensor L ist Con cat ` ▁is ▁given ▁` e lement _ sha pe = [ ] ` ▁it ▁results segmentation ▁fault ▁which ▁can ▁be ▁used ▁to ▁trigger ▁a ▁denial ▁of ▁service ▁attack . ▁We ▁have patched ▁the ▁issue ▁in GitHub ▁commit ▁f c 33 f 3 d c 4 c 14 05 1 a 83 e ec 65 35 b 60 8 a be 1 d 35 5 f de . ▁The ▁fix ▁will ▁be ▁included ▁in TensorFlow ▁2 . 11 . ▁We ▁will ▁also ch err y pick ▁this ▁commit ▁on TensorFlow ▁2 . 10 . 1 ▁2 . 9 . 3 ▁and TensorFlow ▁2 . 8 . 4 ▁as ▁these ▁are ▁also ▁affected ▁and ▁still ▁in ▁supported ▁range . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]` it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 2.9.3 and TensorFlow 2.8.4 as these are also affected and still in supported range.
SHAP (words)
TensorFlow is an open source platform for machine learning. If ` tf. raw_ops. TensorListConcat` is given ` element_shape=[]` it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2. 11. We will also cherrypick this commit on TensorFlow 2. 10. 1 2. 9. 3 and TensorFlow 2. 8. 4 as these are also affected and still in supported range
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TensorFlow is an open source platform for machine learning . If ` t ##f . raw _ op ##s . Ten ##sor ##L ##ist ##C ##on ##cat ` is given ` element _ shape = [ ] ` it results segmentation fault which can be used to trigger a denial of service attack . We have patched the issue in GitHub commit f ##c ##33 ##f ##3 ##d ##c ##4 ##c ##14 ##0 ##51 ##a ##8 ##3 ##ee ##c ##65 ##35 ##b ##60 ##8 ##abe ##1 ##d ##35 ##5 ##f ##de . The fix will be included in TensorFlow 2 . 11 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 10 . 1 2 . 9 . 3 and TensorFlow 2 . 8 . 4 as these are also affected and still in supported range . [SEP]
LRP (+Pred, pos-only)
[CLS] TensorFlow is an open source platform for machine learning . If ` t ##f . raw _ op ##s . Ten ##sor ##L ##ist ##C ##on ##cat ` is given ` element _ shape = [ ] ` it results segmentation fault which can be used to trigger a denial of service attack . We have patched the issue in GitHub commit f ##c ##33 ##f ##3 ##d ##c ##4 ##c ##14 ##0 ##51 ##a ##8 ##3 ##ee ##c ##65 ##35 ##b ##60 ##8 ##abe ##1 ##d ##35 ##5 ##f ##de . The fix will be included in TensorFlow 2 . 11 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 10 . 1 2 . 9 . 3 and TensorFlow 2 . 8 . 4 as these are also affected and still in supported range . [SEP]
LIME (words)
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]` it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 2.9.3 and TensorFlow 2.8.4 as these are also affected and still in supported range.
SHAP (words)
TensorFlow is an open source platform for machine learning. If ` tf. raw_ops. TensorListConcat` is given ` element_shape=[]` it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2. 11. We will also cherrypick this commit on TensorFlow 2. 10. 1 2. 9. 3 and TensorFlow 2. 8. 4 as these are also affected and still in supported range
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TensorFlow is an open source platform for machine learning . If ` t ##f . raw _ op ##s . Ten ##sor ##L ##ist ##C ##on ##cat ` is given ` element _ shape = [ ] ` it results segmentation fault which can be used to trigger a denial of service attack . We have patched the issue in GitHub commit f ##c ##33 ##f ##3 ##d ##c ##4 ##c ##14 ##0 ##51 ##a ##8 ##3 ##ee ##c ##65 ##35 ##b ##60 ##8 ##abe ##1 ##d ##35 ##5 ##f ##de . The fix will be included in TensorFlow 2 . 11 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 10 . 1 2 . 9 . 3 and TensorFlow 2 . 8 . 4 as these are also affected and still in supported range . [SEP]
LRP (+Pred, pos-only)
[CLS] TensorFlow is an open source platform for machine learning . If ` t ##f . raw _ op ##s . Ten ##sor ##L ##ist ##C ##on ##cat ` is given ` element _ shape = [ ] ` it results segmentation fault which can be used to trigger a denial of service attack . We have patched the issue in GitHub commit f ##c ##33 ##f ##3 ##d ##c ##4 ##c ##14 ##0 ##51 ##a ##8 ##3 ##ee ##c ##65 ##35 ##b ##60 ##8 ##abe ##1 ##d ##35 ##5 ##f ##de . The fix will be included in TensorFlow 2 . 11 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 10 . 1 2 . 9 . 3 and TensorFlow 2 . 8 . 4 as these are also affected and still in supported range . [SEP]
LIME (words)
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]` it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 2.9.3 and TensorFlow 2.8.4 as these are also affected and still in supported range.
SHAP (words)
TensorFlow is an open source platform for machine learning. If ` tf. raw_ops. TensorListConcat` is given ` element_shape=[]` it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2. 11. We will also cherrypick this commit on TensorFlow 2. 10. 1 2. 9. 3 and TensorFlow 2. 8. 4 as these are also affected and still in supported range
#36 · cve_id CVE-2022-22106 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Memory ▁corruption ▁in ▁multimedia ▁due ▁to improper ▁length ▁check ▁while copying ▁the ▁data ▁in Snapdragon ▁Auto <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
SHAP (words)
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto [SEP]
LRP (+Pred, pos-only)
[CLS] Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto [SEP]
LIME (words)
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
SHAP (words)
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto [SEP]
LRP (+Pred, pos-only)
[CLS] Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto [SEP]
LIME (words)
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
SHAP (words)
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
#37 · cve_id CVE-2023-2830 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-Site Request Forgery ( CSRF ) ▁vulnerability ▁in ▁Trust index . I o WP Testimonials plugin ▁< = ▁1 . 4 . 2 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in Trustindex. Io WP Testimonials plugin <=  1. 4. 2 versions
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Trust ##ind ##ex . I ##o WP Testimonials plugin < = 1 . 4 . 2 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Trust ##ind ##ex . I ##o WP Testimonials plugin < = 1 . 4 . 2 versions . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in Trustindex. Io WP Testimonials plugin <=  1. 4. 2 versions
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Trust ##ind ##ex . I ##o WP Testimonials plugin < = 1 . 4 . 2 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Trust ##ind ##ex . I ##o WP Testimonials plugin < = 1 . 4 . 2 versions . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in Trustindex. Io WP Testimonials plugin <=  1. 4. 2 versions
#38 · cve_id CVE-2022-38795 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In Gitea ▁through ▁1 . 17 . 1 ▁repo cloning ▁can ▁occur ▁in ▁the ▁migration ▁function . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In Gitea through 1.17.1 repo cloning can occur in the migration function.
SHAP (words)
In Gitea through 1. 17. 1 repo cloning can occur in the migration function
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Gitea through 1 . 17 . 1 re ##po cloning can occur in the migration function . [SEP]
LRP (+Pred, pos-only)
[CLS] In Gitea through 1 . 17 . 1 re ##po cloning can occur in the migration function . [SEP]
LIME (words)
In Gitea through 1.17.1 repo cloning can occur in the migration function.
SHAP (words)
In Gitea through 1. 17. 1 repo cloning can occur in the migration function
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Gitea through 1 . 17 . 1 re ##po cloning can occur in the migration function . [SEP]
LRP (+Pred, pos-only)
[CLS] In Gitea through 1 . 17 . 1 re ##po cloning can occur in the migration function . [SEP]
LIME (words)
In Gitea through 1.17.1 repo cloning can occur in the migration function.
SHAP (words)
In Gitea through 1. 17. 1 repo cloning can occur in the migration function
#39 · cve_id CVE-2021-35109 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Possible ▁address ▁manipulation ▁from APP - NS ▁while APP - S ▁is configuring ▁an RG ▁where ▁it ▁tries ▁to ▁merge ▁the ▁address ▁ranges ▁in Snapdragon Connectivity Snapdragon ▁Mobile <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile
SHAP (words)
Possible address manipulation from APP- NS while APP- S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Possible address man ip ul ##ation from APP - NS while APP - S is configuring an R ##G where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile [SEP]
LRP (+Pred, pos-only)
[CLS] Possible address man ip ul ##ation from APP - NS while APP - S is configuring an R ##G where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile [SEP]
LIME (words)
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile
SHAP (words)
Possible address manipulation from APP- NS while APP- S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Possible address man ip ul ##ation from APP - NS while APP - S is configuring an R ##G where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile [SEP]
LRP (+Pred, pos-only)
[CLS] Possible address man ip ul ##ation from APP - NS while APP - S is configuring an R ##G where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile [SEP]
LIME (words)
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile
SHAP (words)
Possible address manipulation from APP- NS while APP- S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity Snapdragon Mobile
#40 · cve_id CVE-2022-1952 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Free Booking Plugin ▁for ▁Hotels ▁Restaurant ▁and ▁Car Rental WordPress plugin ▁before ▁1 . 1 . 16 ▁suffers ▁from ▁insufficient ▁input validation ▁which ▁leads ▁to ▁arbitrary ▁file upload ▁and ▁subsequently ▁to ▁remote ▁code ▁execution . ▁An AJAX ▁action acce ssi ble ▁to unauthenticated ▁users ▁is ▁affected ▁by ▁this ▁issue . ▁An ▁allow list ▁of ▁valid ▁file ▁extensions ▁is ▁defined ▁but ▁is ▁not ▁used ▁during ▁the validation ▁steps . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
SHAP (words)
The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1. 1. 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1 . 1 . 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code exec u ##tion . An AJAX action a ##cc ##e ssi b ##le to unauthenticated users is affected by this issue . An allow ##list of valid file extensions is defined but is not used d uri ng the validation steps . [SEP]
LRP (+Pred, pos-only)
[CLS] The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1 . 1 . 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code exec u ##tion . An AJAX action a ##cc ##e ssi b ##le to unauthenticated users is affected by this issue . An allow ##list of valid file extensions is defined but is not used d uri ng the validation steps . [SEP]
LIME (words)
The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
SHAP (words)
The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1. 1. 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1 . 1 . 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code exec u ##tion . An AJAX action a ##cc ##e ssi b ##le to unauthenticated users is affected by this issue . An allow ##list of valid file extensions is defined but is not used d uri ng the validation steps . [SEP]
LRP (+Pred, pos-only)
[CLS] The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1 . 1 . 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code exec u ##tion . An AJAX action a ##cc ##e ssi b ##le to unauthenticated users is affected by this issue . An allow ##list of valid file extensions is defined but is not used d uri ng the validation steps . [SEP]
LIME (words)
The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
SHAP (words)
The Free Booking Plugin for Hotels Restaurant and Car Rental WordPress plugin before 1. 1. 16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps
#41 · cve_id CVE-2020-14645 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle WebLogic ▁Server ▁product ▁of ▁Oracle ▁Fusion Middleware ( com ponent : ▁Core ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁10 . 3 . 6 . 0 . 0 ▁12 . 1 . 3 . 0 . 0 ▁12 . 2 . 1 . 3 . 0 ▁12 . 2 . 1 . 4 . 0 ▁and ▁14 . 1 . 1 . 0 . 0 . Easily exploitable ▁vulnerability ▁allows unauthenticated ▁attacker ▁with ▁network ▁access ▁via IIOP ▁T 3 ▁to ▁compromise ▁Oracle WebLogic ▁Server . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in ▁takeover ▁of ▁Oracle WebLogic ▁Server . CVSS ▁3 . 1 ▁Base ▁Score ▁9 . 8 ( Con fid ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0 12.1.3.0.0 12.2.1.3.0 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component: Core). Supported versions that are affected are 10. 3. 6. 0. 0 12. 1. 3. 0. 0 12. 2. 1. 3. 0 12. 2. 1. 4. 0 and 14. 1. 1. 0. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3. 1 Base Score 9. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: N/ S: U/ C: H/ I: H/ A: H
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 10 . 3 . 6 . 0 . 0 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T ##3 to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 10 . 3 . 6 . 0 . 0 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T ##3 to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0 12.1.3.0.0 12.2.1.3.0 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component: Core). Supported versions that are affected are 10. 3. 6. 0. 0 12. 1. 3. 0. 0 12. 2. 1. 3. 0 12. 2. 1. 4. 0 and 14. 1. 1. 0. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3. 1 Base Score 9. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: N/ S: U/ C: H/ I: H/ A: H
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 10 . 3 . 6 . 0 . 0 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T ##3 to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 10 . 3 . 6 . 0 . 0 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T ##3 to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0 12.1.3.0.0 12.2.1.3.0 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component: Core). Supported versions that are affected are 10. 3. 6. 0. 0 12. 1. 3. 0. 0 12. 2. 1. 3. 0 12. 2. 1. 4. 0 and 14. 1. 1. 0. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3. 1 Base Score 9. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: N/ S: U/ C: H/ I: H/ A: H
#42 · cve_id CVE-2021-34764 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Multiple vulnerabilities ▁in ▁the web-based ▁man a gem ent ▁interface ▁of Cisco Firepower Manage ment ▁Center ( FM C ) ▁Software ▁could ▁allow ▁an ▁attacker ▁to ▁execute ▁a cross-site scripting ( XSS ) ▁attack ▁or ▁an ▁open redirect ▁attack . ▁For ▁more ▁in for matio n ▁about ▁these vulnerabilities ▁see ▁the Details ▁section ▁of ▁this ▁advisory . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities see the Details section of this advisory.
SHAP (words)
Multiple vulnerabilities in the web- based management interface of Cisco Firepower Management Center ( FMC) Software could allow an attacker to execute a cross- site scripting ( XSS) attack or an open redirect attack. For more information about these vulnerabilities see the Details section of this advisory
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Firepower Manage men ##t Center ( FM ##C ) Software could allow an attacker to exec u ##te a cross-site scripting ( XSS ) attack or an open redirect attack . For more info ##r matio n about these vulnerabilities see the Details section of this advisory . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Firepower Manage men ##t Center ( FM ##C ) Software could allow an attacker to exec u ##te a cross-site scripting ( XSS ) attack or an open redirect attack . For more info ##r matio n about these vulnerabilities see the Details section of this advisory . [SEP]
LIME (words)
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities see the Details section of this advisory.
SHAP (words)
Multiple vulnerabilities in the web- based management interface of Cisco Firepower Management Center ( FMC) Software could allow an attacker to execute a cross- site scripting ( XSS) attack or an open redirect attack. For more information about these vulnerabilities see the Details section of this advisory
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Firepower Manage men ##t Center ( FM ##C ) Software could allow an attacker to exec u ##te a cross-site scripting ( XSS ) attack or an open redirect attack . For more info ##r matio n about these vulnerabilities see the Details section of this advisory . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Firepower Manage men ##t Center ( FM ##C ) Software could allow an attacker to exec u ##te a cross-site scripting ( XSS ) attack or an open redirect attack . For more info ##r matio n about these vulnerabilities see the Details section of this advisory . [SEP]
LIME (words)
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities see the Details section of this advisory.
SHAP (words)
Multiple vulnerabilities in the web- based management interface of Cisco Firepower Management Center ( FMC) Software could allow an attacker to execute a cross- site scripting ( XSS) attack or an open redirect attack. For more information about these vulnerabilities see the Details section of this advisory
#43 · cve_id CVE-2019-17192 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The WebRTC ▁component ▁in ▁the ▁Signal ▁Private ▁Messenger ▁application ▁through ▁4 . 47 . 7 ▁for ▁Android ▁processes ▁video conferencing RTP ▁packet s ▁before ▁a ▁call ee ▁choose s ▁to ▁answer ▁a ▁call ▁which ▁might ▁make ▁it ▁easier ▁for ▁remote ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ▁or ▁po ssi b ly ▁have unspecified ▁other ▁impact ▁via malformed ▁packet s . NOT ▁E : ▁the ▁vendor ▁plans ▁to ▁continue ▁this ▁behavior ▁for ▁performance ▁reasons ▁unless ▁a WebRTC ▁design ▁change ▁occurs <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
SHAP (words)
The WebRTC component in the Signal Private Messenger application through 4. 47. 7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The WebRTC component in the Signal Private Messenger application through 4 . 47 . 7 for Android processes video conferencing RTP packets before a call ##ee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via malformed packets . NOT E : the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs [SEP]
LRP (+Pred, pos-only)
[CLS] The WebRTC component in the Signal Private Messenger application through 4 . 47 . 7 for Android processes video conferencing RTP packets before a call ##ee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via malformed packets . NOT E : the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs [SEP]
LIME (words)
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
SHAP (words)
The WebRTC component in the Signal Private Messenger application through 4. 47. 7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The WebRTC component in the Signal Private Messenger application through 4 . 47 . 7 for Android processes video conferencing RTP packets before a call ##ee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via malformed packets . NOT E : the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs [SEP]
LRP (+Pred, pos-only)
[CLS] The WebRTC component in the Signal Private Messenger application through 4 . 47 . 7 for Android processes video conferencing RTP packets before a call ##ee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via malformed packets . NOT E : the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs [SEP]
LIME (words)
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
SHAP (words)
The WebRTC component in the Signal Private Messenger application through 4. 47. 7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
#44 · cve_id CVE-2019-6581 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in ▁Si ve ill ance VMS ▁2017 ▁R 2 ( All ▁versions ▁< ▁V 11 . 2 a ) ▁Si ve ill ance VMS ▁2018 ▁R 1 ( All ▁versions ▁< ▁V 12 . 1 a ) ▁Si ve ill ance VMS ▁2018 ▁R 2 ( All ▁versions ▁< ▁V 12 . 2 a ) ▁Si ve ill ance VMS ▁2018 ▁R 3 ( All ▁versions ▁< ▁V 12 . 3 a ) ▁Si ve ill ance VMS ▁2019 ▁R 1 ( All ▁versions ▁< ▁V 13 . 1 a ) . ▁An ▁attacker ▁with ▁network ▁access ▁to ▁port ▁80 / TCP ▁could ▁change ▁user ▁roles ▁without ▁proper auth ▁or ization . ▁The ▁security ▁vulnerability ▁could ▁be ▁exploited ▁by ▁an authenticated ▁attacker ▁with ▁network ▁access ▁to ▁the ▁affected ▁service . ▁No ▁user ▁interaction ▁is ▁required ▁to ▁exploit ▁this ▁security ▁vulnerability . Successful ▁exploitation compromises confidentiality ▁integrity ▁and ▁availability ▁of ▁the ▁targeted ▁system . ▁At ▁the ▁time ▁of ▁advisory ▁publication ▁no ▁public ▁exploitation ▁of ▁this ▁security ▁vulnerability ▁was ▁known . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a) Siveillance VMS 2018 R1 (All versions < V12.1a) Siveillance VMS 2018 R2 (All versions < V12.2a) Siveillance VMS 2018 R3 (All versions < V12.3a) Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
SHAP (words)
A vulnerability has been identified in Siveillance VMS 2017 R2 ( All versions < V11. 2a) Siveillance VMS 2018 R1 ( All versions < V12. 1a) Siveillance VMS 2018 R2 ( All versions < V12. 2a) Siveillance VMS 2018 R3 ( All versions < V12. 3a) Siveillance VMS 2019 R1 ( All versions < V13. 1a). An attacker with network access to port 80/ TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Si ##ve ##illa ##nce VMS 2017 R ##2 ( All versions < V ##11 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##1 ( All versions < V ##12 . 1 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##2 ( All versions < V ##12 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##3 ( All versions < V ##12 . 3 ##a ) Si ##ve ##illa ##nce VMS 2019 R ##1 ( All versions < V ##13 . 1 ##a ) . An attacker with network access to port 80 / TCP could change user roles without proper auth or ##ization . The se ##c uri t ##y vulnerability could be ex ##p ##lo ite d by an authenticated attacker with network access to the affected service . No user int era ##ction is required to exploit this se ##c uri t ##y vulnerability . Successful exploitation compromises confidentiality int e ##g ##rity and availability of the tar get ##ed system . At the time of advisory publication no public exploitation of this se ##c uri t ##y vulnerability was known . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Si ##ve ##illa ##nce VMS 2017 R ##2 ( All versions < V ##11 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##1 ( All versions < V ##12 . 1 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##2 ( All versions < V ##12 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##3 ( All versions < V ##12 . 3 ##a ) Si ##ve ##illa ##nce VMS 2019 R ##1 ( All versions < V ##13 . 1 ##a ) . An attacker with network access to port 80 / TCP could change user roles without proper auth or ##ization . The se ##c uri t ##y vulnerability could be ex ##p ##lo ite d by an authenticated attacker with network access to the affected service . No user int era ##ction is required to exploit this se ##c uri t ##y vulnerability . Successful exploitation compromises confidentiality int e ##g ##rity and availability of the tar get ##ed system . At the time of advisory publication no public exploitation of this se ##c uri t ##y vulnerability was known . [SEP]
LIME (words)
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a) Siveillance VMS 2018 R1 (All versions < V12.1a) Siveillance VMS 2018 R2 (All versions < V12.2a) Siveillance VMS 2018 R3 (All versions < V12.3a) Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
SHAP (words)
A vulnerability has been identified in Siveillance VMS 2017 R2 ( All versions < V11. 2a) Siveillance VMS 2018 R1 ( All versions < V12. 1a) Siveillance VMS 2018 R2 ( All versions < V12. 2a) Siveillance VMS 2018 R3 ( All versions < V12. 3a) Siveillance VMS 2019 R1 ( All versions < V13. 1a). An attacker with network access to port 80/ TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Si ##ve ##illa ##nce VMS 2017 R ##2 ( All versions < V ##11 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##1 ( All versions < V ##12 . 1 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##2 ( All versions < V ##12 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##3 ( All versions < V ##12 . 3 ##a ) Si ##ve ##illa ##nce VMS 2019 R ##1 ( All versions < V ##13 . 1 ##a ) . An attacker with network access to port 80 / TCP could change user roles without proper auth or ##ization . The se ##c uri t ##y vulnerability could be ex ##p ##lo ite d by an authenticated attacker with network access to the affected service . No user int era ##ction is required to exploit this se ##c uri t ##y vulnerability . Successful exploitation compromises confidentiality int e ##g ##rity and availability of the tar get ##ed system . At the time of advisory publication no public exploitation of this se ##c uri t ##y vulnerability was known . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Si ##ve ##illa ##nce VMS 2017 R ##2 ( All versions < V ##11 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##1 ( All versions < V ##12 . 1 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##2 ( All versions < V ##12 . 2 ##a ) Si ##ve ##illa ##nce VMS 2018 R ##3 ( All versions < V ##12 . 3 ##a ) Si ##ve ##illa ##nce VMS 2019 R ##1 ( All versions < V ##13 . 1 ##a ) . An attacker with network access to port 80 / TCP could change user roles without proper auth or ##ization . The se ##c uri t ##y vulnerability could be ex ##p ##lo ite d by an authenticated attacker with network access to the affected service . No user int era ##ction is required to exploit this se ##c uri t ##y vulnerability . Successful exploitation compromises confidentiality int e ##g ##rity and availability of the tar get ##ed system . At the time of advisory publication no public exploitation of this se ##c uri t ##y vulnerability was known . [SEP]
LIME (words)
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a) Siveillance VMS 2018 R1 (All versions < V12.1a) Siveillance VMS 2018 R2 (All versions < V12.2a) Siveillance VMS 2018 R3 (All versions < V12.3a) Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
SHAP (words)
A vulnerability has been identified in Siveillance VMS 2017 R2 ( All versions < V11. 2a) Siveillance VMS 2018 R1 ( All versions < V12. 1a) Siveillance VMS 2018 R2 ( All versions < V12. 2a) Siveillance VMS 2018 R3 ( All versions < V12. 3a) Siveillance VMS 2019 R1 ( All versions < V13. 1a). An attacker with network access to port 80/ TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known
#45 · cve_id CVE-2022-26062 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Uncontrolled ▁search ▁path ▁element ▁in ▁the ▁Intel ( R ) ▁Trace Analyzer ▁and ▁Collector ▁before ▁version ▁20 21 . 6 ▁for ▁Intel ( R ) ▁one AP I HPC Toolkit ▁may ▁allow ▁an authenticated ▁user ▁to ▁potentially ▁enable escalation ▁of ▁privilege ▁via ▁local ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Uncontrolled search path element in the Intel( R) Trace Analyzer and Collector before version 2021. 6 for Intel( R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Uncontrolled search path element in the Intel ( R ) Trace Analyzer and Collector before version 202 ##1 . 6 for Intel ( R ) one ##A PI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Uncontrolled search path element in the Intel ( R ) Trace Analyzer and Collector before version 202 ##1 . 6 for Intel ( R ) one ##A PI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Uncontrolled search path element in the Intel( R) Trace Analyzer and Collector before version 2021. 6 for Intel( R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Uncontrolled search path element in the Intel ( R ) Trace Analyzer and Collector before version 202 ##1 . 6 for Intel ( R ) one ##A PI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Uncontrolled search path element in the Intel ( R ) Trace Analyzer and Collector before version 202 ##1 . 6 for Intel ( R ) one ##A PI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Uncontrolled search path element in the Intel( R) Trace Analyzer and Collector before version 2021. 6 for Intel( R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access
#46 · cve_id CVE-2022-2008 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Double ▁free ▁in WebGL ▁in ▁Google Chrome ▁prior ▁to ▁102 . 0 . 500 5 . 1 15 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Double free in WebGL in Google Chrome prior to 102. 0. 5005. 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Double free in WebGL in Google Chrome prior to 102 . 0 . 500 ##5 . 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Double free in WebGL in Google Chrome prior to 102 . 0 . 500 ##5 . 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Double free in WebGL in Google Chrome prior to 102. 0. 5005. 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Double free in WebGL in Google Chrome prior to 102 . 0 . 500 ##5 . 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Double free in WebGL in Google Chrome prior to 102 . 0 . 500 ##5 . 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)
Double free in WebGL in Google Chrome prior to 102. 0. 5005. 115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
#47 · cve_id CVE-2022-20436 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁There ▁is ▁an unauthorized ▁service ▁in ▁the ▁system ▁service . ▁Since ▁the ▁component ▁does ▁not ▁have ▁per mi ssi ▁on ▁check ▁resulting ▁in ▁Local Elevation ▁of ▁privilege . Pro duct : ▁Android Versions : ▁Android SoCAndroid ▁ID : ▁A - 24 224 83 69 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
There is an unauthorized service in the system service. Since the component does not have permission check resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369
SHAP (words)
There is an unauthorized service in the system service. Since the component does not have permission check resulting in Local Elevation of privilege. Product: AndroidVersions: Android SoCAndroid ID: A- 242248369
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] There is an unauthorized service in the system service . Since the component does not have per ##mi ssi on check resulting in Local Elevation of privilege . Product : Android Versions : Android SoCAndroid ID : A - 242 ##24 ##8 ##36 ##9 [SEP]
LRP (+Pred, pos-only)
[CLS] There is an unauthorized service in the system service . Since the component does not have per ##mi ssi on check resulting in Local Elevation of privilege . Product : Android Versions : Android SoCAndroid ID : A - 242 ##24 ##8 ##36 ##9 [SEP]
LIME (words)
There is an unauthorized service in the system service. Since the component does not have permission check resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369
SHAP (words)
There is an unauthorized service in the system service. Since the component does not have permission check resulting in Local Elevation of privilege. Product: AndroidVersions: Android SoCAndroid ID: A- 242248369
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] There is an unauthorized service in the system service . Since the component does not have per ##mi ssi on check resulting in Local Elevation of privilege . Product : Android Versions : Android SoCAndroid ID : A - 242 ##24 ##8 ##36 ##9 [SEP]
LRP (+Pred, pos-only)
[CLS] There is an unauthorized service in the system service . Since the component does not have per ##mi ssi on check resulting in Local Elevation of privilege . Product : Android Versions : Android SoCAndroid ID : A - 242 ##24 ##8 ##36 ##9 [SEP]
LIME (words)
There is an unauthorized service in the system service. Since the component does not have permission check resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369
SHAP (words)
There is an unauthorized service in the system service. Since the component does not have permission check resulting in Local Elevation of privilege. Product: AndroidVersions: Android SoCAndroid ID: A- 242248369
#48 · cve_id CVE-2022-30821 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁Wedding Manage ment ▁System ▁v 1 . 0 ▁the ▁editing ▁function ▁of ▁the " Service s " ▁module ▁in ▁the ▁background ▁man a gem ent ▁system ▁has ▁an ▁arbitrary ▁file upload ▁vulnerability ▁in ▁the ▁picture upload ▁point ▁of " package _ edit . php " ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In Wedding Management System v1.0 the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
SHAP (words)
In Wedding Management System v1. 0 the editing function of the " Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of " package_edit. php" file
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Wedding Manage men ##t System v ##1 . 0 the editing function of the " Services " mod ul ##e in the background man ##a gem en ##t system has an arbitrary file upload vulnerability in the picture upload p ##o int of " package _ edit . php " file . [SEP]
LRP (+Pred, pos-only)
[CLS] In Wedding Manage men ##t System v ##1 . 0 the editing function of the " Services " mod ul ##e in the background man ##a gem en ##t system has an arbitrary file upload vulnerability in the picture upload p ##o int of " package _ edit . php " file . [SEP]
LIME (words)
In Wedding Management System v1.0 the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
SHAP (words)
In Wedding Management System v1. 0 the editing function of the " Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of " package_edit. php" file
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Wedding Manage men ##t System v ##1 . 0 the editing function of the " Services " mod ul ##e in the background man ##a gem en ##t system has an arbitrary file upload vulnerability in the picture upload p ##o int of " package _ edit . php " file . [SEP]
LRP (+Pred, pos-only)
[CLS] In Wedding Manage men ##t System v ##1 . 0 the editing function of the " Services " mod ul ##e in the background man ##a gem en ##t system has an arbitrary file upload vulnerability in the picture upload p ##o int of " package _ edit . php " file . [SEP]
LIME (words)
In Wedding Management System v1.0 the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
SHAP (words)
In Wedding Management System v1. 0 the editing function of the " Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of " package_edit. php" file
#49 · cve_id CVE-2024-25642 · ac
GT=HIGH (1)
xlnet · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Due ▁to improper validation ▁of ▁certificate ▁in SAP ▁Cloud Connector - ▁version ▁2 . 0 ▁attacker ▁can impersonate ▁the ▁genuine ▁servers ▁to ▁interact ▁with S CC ▁breaking ▁the ▁mutual authentication . ▁Hence ▁the ▁attacker ▁can ▁intercept ▁the ▁request ▁to ▁view / mod ify ▁sensitive ▁in for matio n . ▁There ▁is ▁no ▁impact ▁on ▁the ▁availability ▁of ▁the ▁system . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Due to improper validation of certificate in SAP Cloud Connector - version 2.0 attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
SHAP (words)
Due to improper validation of certificate in SAP Cloud Connector - version 2. 0 attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence the attacker can intercept the request to view/ modify sensitive information. There is no impact on the availability of the system
lrp-bert · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Due to improper validation of certificate in SAP Cloud Connector - version 2 . 0 attacker can impersonate the genuine servers to int era ##ct with SC ##C breaking the mutual authentication . Hence the attacker can int er ##ce ##pt the request to view / mod if ##y sensitive info ##r matio n . There is no impact on the availability of the system . [SEP]
LRP (+Pred, pos-only)
[CLS] Due to improper validation of certificate in SAP Cloud Connector - version 2 . 0 attacker can impersonate the genuine servers to int era ##ct with SC ##C breaking the mutual authentication . Hence the attacker can int er ##ce ##pt the request to view / mod if ##y sensitive info ##r matio n . There is no impact on the availability of the system . [SEP]
LIME (words)
Due to improper validation of certificate in SAP Cloud Connector - version 2.0 attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
SHAP (words)
Due to improper validation of certificate in SAP Cloud Connector - version 2. 0 attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence the attacker can intercept the request to view/ modify sensitive information. There is no impact on the availability of the system
lrp-distilbert · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Due to improper validation of certificate in SAP Cloud Connector - version 2 . 0 attacker can impersonate the genuine servers to int era ##ct with SC ##C breaking the mutual authentication . Hence the attacker can int er ##ce ##pt the request to view / mod if ##y sensitive info ##r matio n . There is no impact on the availability of the system . [SEP]
LRP (+Pred, pos-only)
[CLS] Due to improper validation of certificate in SAP Cloud Connector - version 2 . 0 attacker can impersonate the genuine servers to int era ##ct with SC ##C breaking the mutual authentication . Hence the attacker can int er ##ce ##pt the request to view / mod if ##y sensitive info ##r matio n . There is no impact on the availability of the system . [SEP]
LIME (words)
Due to improper validation of certificate in SAP Cloud Connector - version 2.0 attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
SHAP (words)
Due to improper validation of certificate in SAP Cloud Connector - version 2. 0 attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence the attacker can intercept the request to view/ modify sensitive information. There is no impact on the availability of the system
#50 · cve_id CVE-2023-31595 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
IC Realtime ▁I CIP - P 2012 T ▁2 . 420 ▁is ▁vulnerable ▁to Incorrect ▁Access ▁Control ▁via unauthenticated ▁port ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.
SHAP (words)
IC Realtime ICIP- P2012T 2. 420 is vulnerable to Incorrect Access Control via unauthenticated port access
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I ##C Realtime I CIP - P ##20 ##12 ##T 2 . 420 is vulnerable to Incorrect Access Control via unauthenticated port access . [SEP]
LRP (+Pred, pos-only)
[CLS] I ##C Realtime I CIP - P ##20 ##12 ##T 2 . 420 is vulnerable to Incorrect Access Control via unauthenticated port access . [SEP]
LIME (words)
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.
SHAP (words)
IC Realtime ICIP- P2012T 2. 420 is vulnerable to Incorrect Access Control via unauthenticated port access
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I ##C Realtime I CIP - P ##20 ##12 ##T 2 . 420 is vulnerable to Incorrect Access Control via unauthenticated port access . [SEP]
LRP (+Pred, pos-only)
[CLS] I ##C Realtime I CIP - P ##20 ##12 ##T 2 . 420 is vulnerable to Incorrect Access Control via unauthenticated port access . [SEP]
LIME (words)
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.
SHAP (words)
IC Realtime ICIP- P2012T 2. 420 is vulnerable to Incorrect Access Control via unauthenticated port access
#51 · cve_id CVE-2022-23273 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft Dynamic s ▁GP Elevation ▁Of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
SHAP (words)
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Dynamic s GP Elevation Of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Dynamic s GP Elevation Of Privilege Vulnerability [SEP]
LIME (words)
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
SHAP (words)
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
lrp-distilbert · Pred=LOW (0) · p=0.96 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Dynamic s GP Elevation Of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Dynamic s GP Elevation Of Privilege Vulnerability [SEP]
LIME (words)
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
SHAP (words)
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
#52 · cve_id CVE-2017-15951 · ac
GT=LOW (0)
xlnet · Pred=HIGH (1) · p=0.99 FP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The KEY S subsystem ▁in ▁the ▁Linux ▁kernel ▁before ▁4 . 13 . 10 ▁does ▁not ▁correctly sync hr on ize ▁the ▁actions ▁of updating ▁versus ▁finding ▁a ▁key ▁in ▁the " negative " ▁state ▁to ▁avoid ▁a ▁race ▁condition ▁which ▁allows ▁local ▁users ▁to ▁cause ▁a ▁denial ▁of ▁service ▁or ▁po ssi b ly ▁have unspecified ▁other ▁impact ▁via ▁crafted ▁system ▁calls . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
SHAP (words)
The KEYS subsystem in the Linux kernel before 4. 13. 10 does not correctly synchronize the actions of updating versus finding a key in the " negative" state to avoid a race condition which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls
lrp-bert · Pred=HIGH (1) · p=0.99 FP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The K ##E ##Y ##S subsystem in the Linux kernel before 4 . 13 . 10 does not correctly sync h ##ron ##ize the actions of updating versus finding a key in the " negative " state to avoid a race condition which allows local users to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via crafted system calls . [SEP]
LRP (+Pred, pos-only)
[CLS] The K ##E ##Y ##S subsystem in the Linux kernel before 4 . 13 . 10 does not correctly sync h ##ron ##ize the actions of updating versus finding a key in the " negative " state to avoid a race condition which allows local users to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via crafted system calls . [SEP]
LIME (words)
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
SHAP (words)
The KEYS subsystem in the Linux kernel before 4. 13. 10 does not correctly synchronize the actions of updating versus finding a key in the " negative" state to avoid a race condition which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls
lrp-distilbert · Pred=HIGH (1) · p=0.99 FP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The K ##E ##Y ##S subsystem in the Linux kernel before 4 . 13 . 10 does not correctly sync h ##ron ##ize the actions of updating versus finding a key in the " negative " state to avoid a race condition which allows local users to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via crafted system calls . [SEP]
LRP (+Pred, pos-only)
[CLS] The K ##E ##Y ##S subsystem in the Linux kernel before 4 . 13 . 10 does not correctly sync h ##ron ##ize the actions of updating versus finding a key in the " negative " state to avoid a race condition which allows local users to cause a denial of service or p ##o ssi b ##ly have unspecified other impact via crafted system calls . [SEP]
LIME (words)
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
SHAP (words)
The KEYS subsystem in the Linux kernel before 4. 13. 10 does not correctly synchronize the actions of updating versus finding a key in the " negative" state to avoid a race condition which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls
#53 · cve_id CVE-2022-35293 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Due ▁to insecure se ssi ▁on ▁man a gem ent SAP Enable ▁Now ▁allows ▁an unauthenticated ▁attacker ▁to ▁gain ▁access ▁to ▁user ' s ▁account . ▁On ▁successful ▁exploitation ▁an ▁attacker ▁can ▁view ▁or ▁modify ▁user ▁data ▁causing ▁limited ▁impact ▁on confidentiality ▁and ▁integrity ▁of ▁the ▁application . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Due to insecure session management SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.
SHAP (words)
Due to insecure session management SAP Enable Now allows an unauthenticated attacker to gain access to user' s account. On successful exploitation an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Due to insecure se ssi on man ##a gem en ##t SAP Enable Now allows an unauthenticated attacker to gain access to user ' s account . On successful exploitation an attacker can view or mod if ##y user data causing l ##im ite d impact on confidentiality and int e ##g ##rity of the application . [SEP]
LRP (+Pred, pos-only)
[CLS] Due to insecure se ssi on man ##a gem en ##t SAP Enable Now allows an unauthenticated attacker to gain access to user ' s account . On successful exploitation an attacker can view or mod if ##y user data causing l ##im ite d impact on confidentiality and int e ##g ##rity of the application . [SEP]
LIME (words)
Due to insecure session management SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.
SHAP (words)
Due to insecure session management SAP Enable Now allows an unauthenticated attacker to gain access to user' s account. On successful exploitation an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Due to insecure se ssi on man ##a gem en ##t SAP Enable Now allows an unauthenticated attacker to gain access to user ' s account . On successful exploitation an attacker can view or mod if ##y user data causing l ##im ite d impact on confidentiality and int e ##g ##rity of the application . [SEP]
LRP (+Pred, pos-only)
[CLS] Due to insecure se ssi on man ##a gem en ##t SAP Enable Now allows an unauthenticated attacker to gain access to user ' s account . On successful exploitation an attacker can view or mod if ##y user data causing l ##im ite d impact on confidentiality and int e ##g ##rity of the application . [SEP]
LIME (words)
Due to insecure session management SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.
SHAP (words)
Due to insecure session management SAP Enable Now allows an unauthenticated attacker to gain access to user' s account. On successful exploitation an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application
#54 · cve_id CVE-2019-16644 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁App \ Home \ Control ler \ Z hu ant iControl ler . class . php ▁in ▁Tu z iCMS ▁2 . 0 . 6 ▁has SQL inject ion ▁via ▁the ▁index . php / Z hu anti / group ? id = substring . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
SHAP (words)
App\ Home\ Controller\ ZhuantiController. class. php in TuziCMS 2. 0. 6 has SQL injection via the index. php/ Zhuanti/ group? id= substring
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] App \ Home \ Controller \ Zhu ##ant iControl le ##r . class . php in Tu ##z iCMS 2 . 0 . 6 has SQL inject ion via the index . php / Zhu ##anti / group ? id = substring . [SEP]
LRP (+Pred, pos-only)
[CLS] App \ Home \ Controller \ Zhu ##ant iControl le ##r . class . php in Tu ##z iCMS 2 . 0 . 6 has SQL inject ion via the index . php / Zhu ##anti / group ? id = substring . [SEP]
LIME (words)
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
SHAP (words)
App\ Home\ Controller\ ZhuantiController. class. php in TuziCMS 2. 0. 6 has SQL injection via the index. php/ Zhuanti/ group? id= substring
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] App \ Home \ Controller \ Zhu ##ant iControl le ##r . class . php in Tu ##z iCMS 2 . 0 . 6 has SQL inject ion via the index . php / Zhu ##anti / group ? id = substring . [SEP]
LRP (+Pred, pos-only)
[CLS] App \ Home \ Controller \ Zhu ##ant iControl le ##r . class . php in Tu ##z iCMS 2 . 0 . 6 has SQL inject ion via the index . php / Zhu ##anti / group ? id = substring . [SEP]
LIME (words)
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
SHAP (words)
App\ Home\ Controller\ ZhuantiController. class. php in TuziCMS 2. 0. 6 has SQL injection via the index. php/ Zhuanti/ group? id= substring
#55 · cve_id CVE-2022-26249 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Survey ▁King ▁v 0 . 3 . 0 ▁does ▁not ▁filter ▁data ▁properly ▁when exporting ▁excel ▁files ▁allowing ▁attackers ▁to ▁execute ▁arbitrary ▁code ▁or ▁access ▁sensitive ▁in for matio n ▁via ▁a CSV inject ion ▁attack . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Survey King v0.3.0 does not filter data properly when exporting excel files allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
SHAP (words)
Survey King v0. 3. 0 does not filter data properly when exporting excel files allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Survey King v ##0 . 3 . 0 does not filter data properly when exporting ex ##cel files allowing attackers to exec u ##te arbitrary code or access sensitive info ##r matio n via a CSV inject ion attack . [SEP]
LRP (+Pred, pos-only)
[CLS] Survey King v ##0 . 3 . 0 does not filter data properly when exporting ex ##cel files allowing attackers to exec u ##te arbitrary code or access sensitive info ##r matio n via a CSV inject ion attack . [SEP]
LIME (words)
Survey King v0.3.0 does not filter data properly when exporting excel files allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
SHAP (words)
Survey King v0. 3. 0 does not filter data properly when exporting excel files allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Survey King v ##0 . 3 . 0 does not filter data properly when exporting ex ##cel files allowing attackers to exec u ##te arbitrary code or access sensitive info ##r matio n via a CSV inject ion attack . [SEP]
LRP (+Pred, pos-only)
[CLS] Survey King v ##0 . 3 . 0 does not filter data properly when exporting ex ##cel files allowing attackers to exec u ##te arbitrary code or access sensitive info ##r matio n via a CSV inject ion attack . [SEP]
LIME (words)
Survey King v0.3.0 does not filter data properly when exporting excel files allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
SHAP (words)
Survey King v0. 3. 0 does not filter data properly when exporting excel files allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack
#56 · cve_id CVE-2022-21747 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁im gs ensor ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁read ▁due ▁to ▁a ▁mi ssi ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local ▁denial ▁of ▁service ▁with ▁System ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . ▁Patch ▁ID : ▁AL PS 06 47 80 78 ; ▁Issue ▁ID : ▁AL PS 06 47 80 78 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In imgsensor there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078.
SHAP (words)
In imgsensor there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In im ##gs ##ens ##or there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 ; Issue ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 . [SEP]
LRP (+Pred, pos-only)
[CLS] In im ##gs ##ens ##or there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 ; Issue ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 . [SEP]
LIME (words)
In imgsensor there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078.
SHAP (words)
In imgsensor there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In im ##gs ##ens ##or there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 ; Issue ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 . [SEP]
LRP (+Pred, pos-only)
[CLS] In im ##gs ##ens ##or there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 ; Issue ID : AL ##PS ##0 ##64 ##7 ##80 ##7 ##8 . [SEP]
LIME (words)
In imgsensor there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078.
SHAP (words)
In imgsensor there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078
#57 · cve_id CVE-2020-29239 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Online ▁Birth ▁Certificate ▁System ▁Project ▁V ▁1 . 0 ▁is ▁affected ▁by cross-site scripting ( XSS ) . ▁This ▁vulnerability ▁can ▁result ▁in ▁an ▁attacker injecting ▁the XSS ▁payload ▁in ▁the User Registration ▁section . ▁When ▁an admin ▁visits ▁the ▁View ▁De tail ▁of ▁Application ▁section ▁from ▁the admin ▁panel ▁the ▁attacker ▁can ▁able ▁to ▁steal ▁the ▁cookie ▁according ▁to ▁the ▁crafted ▁payload . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel the attacker can able to steal the cookie according to the crafted payload.
SHAP (words)
Online Birth Certificate System Project V 1. 0 is affected by cross- site scripting ( XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel the attacker can able to steal the cookie according to the crafted payload
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Online Birth Certificate System Project V 1 . 0 is affected by cross-site scripting ( XSS ) . This vulnerability can result in an attacker injecting the XSS payload in the User Registration section . When an admin visits the View Det ##ail of App l ##ica ##tion section from the admin panel the attacker can able to steal the cookie according to the crafted payload . [SEP]
LRP (+Pred, pos-only)
[CLS] Online Birth Certificate System Project V 1 . 0 is affected by cross-site scripting ( XSS ) . This vulnerability can result in an attacker injecting the XSS payload in the User Registration section . When an admin visits the View Det ##ail of App l ##ica ##tion section from the admin panel the attacker can able to steal the cookie according to the crafted payload . [SEP]
LIME (words)
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel the attacker can able to steal the cookie according to the crafted payload.
SHAP (words)
Online Birth Certificate System Project V 1. 0 is affected by cross- site scripting ( XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel the attacker can able to steal the cookie according to the crafted payload
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Online Birth Certificate System Project V 1 . 0 is affected by cross-site scripting ( XSS ) . This vulnerability can result in an attacker injecting the XSS payload in the User Registration section . When an admin visits the View Det ##ail of App l ##ica ##tion section from the admin panel the attacker can able to steal the cookie according to the crafted payload . [SEP]
LRP (+Pred, pos-only)
[CLS] Online Birth Certificate System Project V 1 . 0 is affected by cross-site scripting ( XSS ) . This vulnerability can result in an attacker injecting the XSS payload in the User Registration section . When an admin visits the View Det ##ail of App l ##ica ##tion section from the admin panel the attacker can able to steal the cookie according to the crafted payload . [SEP]
LIME (words)
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel the attacker can able to steal the cookie according to the crafted payload.
SHAP (words)
Online Birth Certificate System Project V 1. 0 is affected by cross- site scripting ( XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel the attacker can able to steal the cookie according to the crafted payload
#58 · cve_id CVE-2021-45452 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Storage . s ave ▁in Django ▁2 . 2 ▁before ▁2 . 2 . 26 ▁3 . 2 ▁before ▁3 . 2 . 11 ▁and ▁4 . 0 ▁before ▁4 . 0 . 1 ▁allows ▁directory traversal ▁if ▁crafted filenames ▁are ▁directly ▁passed ▁to ▁it . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Storage.save in Django 2.2 before 2.2.26 3.2 before 3.2.11 and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
SHAP (words)
Storage. save in Django 2. 2 before 2. 2. 26 3. 2 before 3. 2. 11 and 4. 0 before 4. 0. 1 allows directory traversal if crafted filenames are directly passed to it
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Storage . save in Django 2 . 2 before 2 . 2 . 26 3 . 2 before 3 . 2 . 11 and 4 . 0 before 4 . 0 . 1 allows directory traversal if crafted filenames are directly passed to it . [SEP]
LRP (+Pred, pos-only)
[CLS] Storage . save in Django 2 . 2 before 2 . 2 . 26 3 . 2 before 3 . 2 . 11 and 4 . 0 before 4 . 0 . 1 allows directory traversal if crafted filenames are directly passed to it . [SEP]
LIME (words)
Storage.save in Django 2.2 before 2.2.26 3.2 before 3.2.11 and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
SHAP (words)
Storage. save in Django 2. 2 before 2. 2. 26 3. 2 before 3. 2. 11 and 4. 0 before 4. 0. 1 allows directory traversal if crafted filenames are directly passed to it
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Storage . save in Django 2 . 2 before 2 . 2 . 26 3 . 2 before 3 . 2 . 11 and 4 . 0 before 4 . 0 . 1 allows directory traversal if crafted filenames are directly passed to it . [SEP]
LRP (+Pred, pos-only)
[CLS] Storage . save in Django 2 . 2 before 2 . 2 . 26 3 . 2 before 3 . 2 . 11 and 4 . 0 before 4 . 0 . 1 allows directory traversal if crafted filenames are directly passed to it . [SEP]
LIME (words)
Storage.save in Django 2.2 before 2.2.26 3.2 before 3.2.11 and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
SHAP (words)
Storage. save in Django 2. 2 before 2. 2. 26 3. 2 before 3. 2. 11 and 4. 0 before 4. 0. 1 allows directory traversal if crafted filenames are directly passed to it
#59 · cve_id CVE-2021-0694 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁set Service For e ground In ner Loc ked ▁of ▁Active Service s . java ▁there ▁is ▁a ▁po ssi ble ▁way ▁for ▁a ▁background ▁application ▁to ▁regain foreground permissions ▁due ▁to ▁insufficient ▁background ▁restrictions . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android - 11 And roid ▁ID : ▁A - 18 31 47 1 14 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In setServiceForegroundInnerLocked of ActiveServices.java there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114
SHAP (words)
In setServiceForegroundInnerLocked of ActiveServices. java there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 183147114
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In set ##S ##er ##vice ##F ##ore ##ground ##I ##nner ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way for a background application to regain foreground permissions due to insufficient background restrictions . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 1831 ##47 ##11 ##4 [SEP]
LRP (+Pred, pos-only)
[CLS] In set ##S ##er ##vice ##F ##ore ##ground ##I ##nner ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way for a background application to regain foreground permissions due to insufficient background restrictions . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 1831 ##47 ##11 ##4 [SEP]
LIME (words)
In setServiceForegroundInnerLocked of ActiveServices.java there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114
SHAP (words)
In setServiceForegroundInnerLocked of ActiveServices. java there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 183147114
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In set ##S ##er ##vice ##F ##ore ##ground ##I ##nner ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way for a background application to regain foreground permissions due to insufficient background restrictions . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 1831 ##47 ##11 ##4 [SEP]
LRP (+Pred, pos-only)
[CLS] In set ##S ##er ##vice ##F ##ore ##ground ##I ##nner ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way for a background application to regain foreground permissions due to insufficient background restrictions . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 1831 ##47 ##11 ##4 [SEP]
LIME (words)
In setServiceForegroundInnerLocked of ActiveServices.java there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114
SHAP (words)
In setServiceForegroundInnerLocked of ActiveServices. java there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 183147114
#60 · cve_id CVE-2022-42348 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Adobe ▁Experience Manage r ▁version ▁6 . 5 . 14 ( and ▁earlier ) ▁is ▁affected ▁by ▁a ▁reflected Cross-Site Scripting ( XSS ) ▁vulnerability . ▁If ▁a low-privileged ▁attacker ▁is ▁able ▁to ▁convince ▁a ▁victim ▁to ▁visit ▁a URL referencing ▁a ▁vulnerable ▁page malicious JavaScript ▁content ▁may ▁be ▁executed ▁within ▁the ▁context ▁of ▁the ▁victim ' s browse r . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be executed within the context of the victim's browser.
SHAP (words)
Adobe Experience Manager version 6. 5. 14 ( and earlier) is affected by a reflected Cross- Site Scripting ( XSS) vulnerability. If a low- privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be executed within the context of the victim' s browser
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Experience Manage r version 6 . 5 . 14 ( and earlier ) is affected by a reflected Cross-Site Scripting ( XSS ) vulnerability . If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be exec u ##ted within the context of the victim ' s browse r . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Experience Manage r version 6 . 5 . 14 ( and earlier ) is affected by a reflected Cross-Site Scripting ( XSS ) vulnerability . If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be exec u ##ted within the context of the victim ' s browse r . [SEP]
LIME (words)
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be executed within the context of the victim's browser.
SHAP (words)
Adobe Experience Manager version 6. 5. 14 ( and earlier) is affected by a reflected Cross- Site Scripting ( XSS) vulnerability. If a low- privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be executed within the context of the victim' s browser
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Experience Manage r version 6 . 5 . 14 ( and earlier ) is affected by a reflected Cross-Site Scripting ( XSS ) vulnerability . If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be exec u ##ted within the context of the victim ' s browse r . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Experience Manage r version 6 . 5 . 14 ( and earlier ) is affected by a reflected Cross-Site Scripting ( XSS ) vulnerability . If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be exec u ##ted within the context of the victim ' s browse r . [SEP]
LIME (words)
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be executed within the context of the victim's browser.
SHAP (words)
Adobe Experience Manager version 6. 5. 14 ( and earlier) is affected by a reflected Cross- Site Scripting ( XSS) vulnerability. If a low- privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page malicious JavaScript content may be executed within the context of the victim' s browser
#61 · cve_id CVE-2023-48107 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Buffer Overflow ▁vulnerability ▁in zlib - ng ▁mini zip - ng ▁v . 4 . 0 . 2 ▁allows ▁an ▁attacker ▁to ▁execute ▁arbitrary ▁code ▁via ▁a ▁crafted ▁file ▁to ▁the m z _ path _ has _ sl ash ▁function ▁in ▁the m z _ os . c ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.
SHAP (words)
Buffer Overflow vulnerability in zlib- ng minizip- ng v. 4. 0. 2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os. c file
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Buffer Overflow vulnerability in zlib - ng mini zip - ng v . 4 . 0 . 2 allows an attacker to exec u ##te arbitrary code via a crafted file to the m ##z _ path _ has _ sl ash function in the m ##z _ o ##s . c file . [SEP]
LRP (+Pred, pos-only)
[CLS] Buffer Overflow vulnerability in zlib - ng mini zip - ng v . 4 . 0 . 2 allows an attacker to exec u ##te arbitrary code via a crafted file to the m ##z _ path _ has _ sl ash function in the m ##z _ o ##s . c file . [SEP]
LIME (words)
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.
SHAP (words)
Buffer Overflow vulnerability in zlib- ng minizip- ng v. 4. 0. 2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os. c file
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Buffer Overflow vulnerability in zlib - ng mini zip - ng v . 4 . 0 . 2 allows an attacker to exec u ##te arbitrary code via a crafted file to the m ##z _ path _ has _ sl ash function in the m ##z _ o ##s . c file . [SEP]
LRP (+Pred, pos-only)
[CLS] Buffer Overflow vulnerability in zlib - ng mini zip - ng v . 4 . 0 . 2 allows an attacker to exec u ##te arbitrary code via a crafted file to the m ##z _ path _ has _ sl ash function in the m ##z _ o ##s . c file . [SEP]
LIME (words)
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.
SHAP (words)
Buffer Overflow vulnerability in zlib- ng minizip- ng v. 4. 0. 2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os. c file
#62 · cve_id CVE-2024-26263 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁E BM ▁Technologies RIS WEB ' s spec ific URL ▁path ▁is ▁not ▁properly ▁controlled ▁by ▁per mi ssi ▁on ▁allowing ▁attackers ▁to browse spec ific ▁pages ▁and query ▁sensitive ▁data ▁without login . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
EBM Technologies RISWEB's specific URL path is not properly controlled by permission allowing attackers to browse specific pages and query sensitive data without login.
SHAP (words)
EBM Technologies RISWEB' s specific URL path is not properly controlled by permission allowing attackers to browse specific pages and query sensitive data without login
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] E BM Technologies R ##I SW E ##B ' s spec if ##ic URL path is not properly controlled by per ##mi ssi on allowing attackers to browse spec if ##ic pages and query sensitive data without login . [SEP]
LRP (+Pred, pos-only)
[CLS] E BM Technologies R ##I SW E ##B ' s spec if ##ic URL path is not properly controlled by per ##mi ssi on allowing attackers to browse spec if ##ic pages and query sensitive data without login . [SEP]
LIME (words)
EBM Technologies RISWEB's specific URL path is not properly controlled by permission allowing attackers to browse specific pages and query sensitive data without login.
SHAP (words)
EBM Technologies RISWEB' s specific URL path is not properly controlled by permission allowing attackers to browse specific pages and query sensitive data without login
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] E BM Technologies R ##I SW E ##B ' s spec if ##ic URL path is not properly controlled by per ##mi ssi on allowing attackers to browse spec if ##ic pages and query sensitive data without login . [SEP]
LRP (+Pred, pos-only)
[CLS] E BM Technologies R ##I SW E ##B ' s spec if ##ic URL path is not properly controlled by per ##mi ssi on allowing attackers to browse spec if ##ic pages and query sensitive data without login . [SEP]
LIME (words)
EBM Technologies RISWEB's specific URL path is not properly controlled by permission allowing attackers to browse specific pages and query sensitive data without login.
SHAP (words)
EBM Technologies RISWEB' s specific URL path is not properly controlled by permission allowing attackers to browse specific pages and query sensitive data without login
#63 · cve_id CVE-2022-0517 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Mozilla VPN ▁can ▁load ▁an OpenSSL ▁configuration ▁file ▁from ▁an unsecured ▁directory . ▁A ▁user ▁or ▁attacker ▁with ▁limited ▁privileges ▁could ▁leverage ▁this ▁to ▁launch ▁arbitrary ▁code ▁with SYSTEM ▁privilege . ▁This ▁vulnerability ▁affects Mozilla VPN ▁< ▁2 . 7 . 1 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
SHAP (words)
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2. 7. 1
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mozilla VPN can load an OpenSSL config u ##ration file from an unsecured directory . A user or attacker with l ##im ite d privileges could leverage this to launch arbitrary code with SYSTEM privilege . This vulnerability affects Mozilla VPN < 2 . 7 . 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] Mozilla VPN can load an OpenSSL config u ##ration file from an unsecured directory . A user or attacker with l ##im ite d privileges could leverage this to launch arbitrary code with SYSTEM privilege . This vulnerability affects Mozilla VPN < 2 . 7 . 1 . [SEP]
LIME (words)
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
SHAP (words)
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2. 7. 1
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mozilla VPN can load an OpenSSL config u ##ration file from an unsecured directory . A user or attacker with l ##im ite d privileges could leverage this to launch arbitrary code with SYSTEM privilege . This vulnerability affects Mozilla VPN < 2 . 7 . 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] Mozilla VPN can load an OpenSSL config u ##ration file from an unsecured directory . A user or attacker with l ##im ite d privileges could leverage this to launch arbitrary code with SYSTEM privilege . This vulnerability affects Mozilla VPN < 2 . 7 . 1 . [SEP]
LIME (words)
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
SHAP (words)
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2. 7. 1
#64 · cve_id CVE-2021-21229 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Incorrect ▁security UI ▁in ▁downloads ▁in ▁Google Chrome ▁on ▁Android ▁prior ▁to ▁90 . 0 . 44 30 . 93 ▁allowed ▁a ▁remote ▁attacker ▁to ▁perform ▁domain spoofing ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
SHAP (words)
Incorrect security UI in downloads in Google Chrome on Android prior to 90. 0. 4430. 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Incorrect se ##c uri t ##y UI in downloads in Google Chrome on Android prior to 90 . 0 . 44 ##30 . 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Incorrect se ##c uri t ##y UI in downloads in Google Chrome on Android prior to 90 . 0 . 44 ##30 . 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LIME (words)
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
SHAP (words)
Incorrect security UI in downloads in Google Chrome on Android prior to 90. 0. 4430. 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Incorrect se ##c uri t ##y UI in downloads in Google Chrome on Android prior to 90 . 0 . 44 ##30 . 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Incorrect se ##c uri t ##y UI in downloads in Google Chrome on Android prior to 90 . 0 . 44 ##30 . 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LIME (words)
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
SHAP (words)
Incorrect security UI in downloads in Google Chrome on Android prior to 90. 0. 4430. 93 allowed a remote attacker to perform domain spoofing via a crafted HTML page
#65 · cve_id CVE-2022-29644 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
TOTOLINK ▁A 3 100 R ▁V 4 . 1 . 2 cu . 50 50 _ B 20 2005 04 ▁and ▁V 4 . 1 . 2 cu . 5 247 _ B 20 21 11 29 ▁were ▁di sc ▁over ed ▁to ▁contain ▁a ▁hard coded ▁password ▁for ▁the telnet ▁service ▁stored ▁in ▁the ▁component / web _ c ste / c gi - bin / product . ini . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
SHAP (words)
TOTOLINK A3100R V4. 1. 2cu. 5050_B20200504 and V4. 1. 2cu. 5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component / web_cste/ cgi- bin/ product. ini
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TOTOLINK A ##31 ##00 ##R V ##4 . 1 . 2 ##cu . 50 ##50 _ B ##20 ##20 ##0 ##50 ##4 and V ##4 . 1 . 2 ##cu . 52 ##47 _ B ##20 ##21 ##11 ##29 were di sc over ##ed to contain a hard coded password for the telnet service stored in the component / web _ c ##ste / c ##gi - bin / product . in ##i . [SEP]
LRP (+Pred, pos-only)
[CLS] TOTOLINK A ##31 ##00 ##R V ##4 . 1 . 2 ##cu . 50 ##50 _ B ##20 ##20 ##0 ##50 ##4 and V ##4 . 1 . 2 ##cu . 52 ##47 _ B ##20 ##21 ##11 ##29 were di sc over ##ed to contain a hard coded password for the telnet service stored in the component / web _ c ##ste / c ##gi - bin / product . in ##i . [SEP]
LIME (words)
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
SHAP (words)
TOTOLINK A3100R V4. 1. 2cu. 5050_B20200504 and V4. 1. 2cu. 5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component / web_cste/ cgi- bin/ product. ini
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TOTOLINK A ##31 ##00 ##R V ##4 . 1 . 2 ##cu . 50 ##50 _ B ##20 ##20 ##0 ##50 ##4 and V ##4 . 1 . 2 ##cu . 52 ##47 _ B ##20 ##21 ##11 ##29 were di sc over ##ed to contain a hard coded password for the telnet service stored in the component / web _ c ##ste / c ##gi - bin / product . in ##i . [SEP]
LRP (+Pred, pos-only)
[CLS] TOTOLINK A ##31 ##00 ##R V ##4 . 1 . 2 ##cu . 50 ##50 _ B ##20 ##20 ##0 ##50 ##4 and V ##4 . 1 . 2 ##cu . 52 ##47 _ B ##20 ##21 ##11 ##29 were di sc over ##ed to contain a hard coded password for the telnet service stored in the component / web _ c ##ste / c ##gi - bin / product . in ##i . [SEP]
LIME (words)
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
SHAP (words)
TOTOLINK A3100R V4. 1. 2cu. 5050_B20200504 and V4. 1. 2cu. 5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component / web_cste/ cgi- bin/ product. ini
#66 · cve_id CVE-2021-3327 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁O vation Dynamic ▁Content ▁1 . 10 . 1 ▁for Elementor ▁allows XSS ▁via ▁the ▁post _ title param eter . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
SHAP (words)
Ovation Dynamic Content 1. 10. 1 for Elementor allows XSS via the post_title parameter
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] O ##vation Dynamic Content 1 . 10 . 1 for Elementor allows XSS via the post _ title param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] O ##vation Dynamic Content 1 . 10 . 1 for Elementor allows XSS via the post _ title param et ##er . [SEP]
LIME (words)
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
SHAP (words)
Ovation Dynamic Content 1. 10. 1 for Elementor allows XSS via the post_title parameter
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] O ##vation Dynamic Content 1 . 10 . 1 for Elementor allows XSS via the post _ title param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] O ##vation Dynamic Content 1 . 10 . 1 for Elementor allows XSS via the post _ title param et ##er . [SEP]
LIME (words)
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
SHAP (words)
Ovation Dynamic Content 1. 10. 1 for Elementor allows XSS via the post_title parameter
#67 · cve_id CVE-2020-25094 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Log Rhythm Plat ▁form Manage r ▁7 . 4 . 9 ▁allows ▁Command Injection . ▁To ▁exploit ▁this ▁an ▁attacker ▁can inject ▁arbitrary ▁program ▁names ▁and ▁arguments ▁into ▁a WebSocket . ▁These ▁are forwarded ▁to ▁any ▁remote ▁server ▁with ▁a Log Rhythm ▁Smart ▁Response ▁agent ▁installed . ▁By ▁default ▁the ▁commands ▁are ▁run ▁with LocalSystem ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default the commands are run with LocalSystem privileges.
SHAP (words)
LogRhythm Platform Manager 7. 4. 9 allows Command Injection. To exploit this an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default the commands are run with LocalSystem privileges
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Log Rhythm Plat form Manage r 7 . 4 . 9 allows Command Injection . To exploit this an attacker can inject arbitrary program names and arguments int o a WebSocket . These are forwarded to any remote server with a Log Rhythm Smart Response agent installed . By default the commands are run with LocalSystem privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] Log Rhythm Plat form Manage r 7 . 4 . 9 allows Command Injection . To exploit this an attacker can inject arbitrary program names and arguments int o a WebSocket . These are forwarded to any remote server with a Log Rhythm Smart Response agent installed . By default the commands are run with LocalSystem privileges . [SEP]
LIME (words)
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default the commands are run with LocalSystem privileges.
SHAP (words)
LogRhythm Platform Manager 7. 4. 9 allows Command Injection. To exploit this an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default the commands are run with LocalSystem privileges
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Log Rhythm Plat form Manage r 7 . 4 . 9 allows Command Injection . To exploit this an attacker can inject arbitrary program names and arguments int o a WebSocket . These are forwarded to any remote server with a Log Rhythm Smart Response agent installed . By default the commands are run with LocalSystem privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] Log Rhythm Plat form Manage r 7 . 4 . 9 allows Command Injection . To exploit this an attacker can inject arbitrary program names and arguments int o a WebSocket . These are forwarded to any remote server with a Log Rhythm Smart Response agent installed . By default the commands are run with LocalSystem privileges . [SEP]
LIME (words)
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default the commands are run with LocalSystem privileges.
SHAP (words)
LogRhythm Platform Manager 7. 4. 9 allows Command Injection. To exploit this an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default the commands are run with LocalSystem privileges
#68 · cve_id CVE-2022-45092 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in ▁SI NEC ▁I NS ( All ▁versions ▁< ▁V 1 . 0 ▁SP 2 Update ▁1 ) . ▁An authenticated ▁remote ▁attacker ▁with ▁access ▁to ▁the ▁Web ▁Based Manage ment ( 44 3/ t c p ) ▁of ▁the ▁affected ▁product ▁could ▁potentially ▁read ▁and ▁write ▁arbitrary ▁files ▁from ▁and ▁to ▁the ▁device ' s ▁file ▁system . ▁An ▁attacker ▁might ▁leverage ▁this ▁to ▁trigger ▁remote ▁code ▁execution ▁on ▁the ▁affected ▁component . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
SHAP (words)
A vulnerability has been identified in SINEC INS ( All versions < V1. 0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management ( 443/ tcp) of the affected product could potentially read and write arbitrary files from and to the device' s file system. An attacker might leverage this to trigger remote code execution on the affected component
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in S ##I NEC I NS ( All versions < V ##1 . 0 SP ##2 Update 1 ) . An authenticated remote attacker with access to the Web Based Manage men ##t ( 44 ##3 / t ##c ##p ) of the affected product could potentially read and w ##r ite arbitrary files from and to the dev ice ' s file system . An attacker might leverage this to trigger remote code exec u ##tion on the affected component . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in S ##I NEC I NS ( All versions < V ##1 . 0 SP ##2 Update 1 ) . An authenticated remote attacker with access to the Web Based Manage men ##t ( 44 ##3 / t ##c ##p ) of the affected product could potentially read and w ##r ite arbitrary files from and to the dev ice ' s file system . An attacker might leverage this to trigger remote code exec u ##tion on the affected component . [SEP]
LIME (words)
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
SHAP (words)
A vulnerability has been identified in SINEC INS ( All versions < V1. 0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management ( 443/ tcp) of the affected product could potentially read and write arbitrary files from and to the device' s file system. An attacker might leverage this to trigger remote code execution on the affected component
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in S ##I NEC I NS ( All versions < V ##1 . 0 SP ##2 Update 1 ) . An authenticated remote attacker with access to the Web Based Manage men ##t ( 44 ##3 / t ##c ##p ) of the affected product could potentially read and w ##r ite arbitrary files from and to the dev ice ' s file system . An attacker might leverage this to trigger remote code exec u ##tion on the affected component . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in S ##I NEC I NS ( All versions < V ##1 . 0 SP ##2 Update 1 ) . An authenticated remote attacker with access to the Web Based Manage men ##t ( 44 ##3 / t ##c ##p ) of the affected product could potentially read and w ##r ite arbitrary files from and to the dev ice ' s file system . An attacker might leverage this to trigger remote code exec u ##tion on the affected component . [SEP]
LIME (words)
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
SHAP (words)
A vulnerability has been identified in SINEC INS ( All versions < V1. 0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management ( 443/ tcp) of the affected product could potentially read and write arbitrary files from and to the device' s file system. An attacker might leverage this to trigger remote code execution on the affected component
#69 · cve_id CVE-2016-5634 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Unspecified ▁vulnerability ▁in ▁Oracle MySQL ▁5 . 7 . 13 ▁and ▁earlier ▁allows ▁remote admin ▁is tra tors ▁to ▁affect ▁availability ▁via ▁vector s ▁related ▁to ▁R BR . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.
SHAP (words)
Unspecified vulnerability in Oracle MySQL 5. 7. 13 and earlier allows remote administrators to affect availability via vectors related to RBR
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Unspecified vulnerability in Oracle MySQL 5 . 7 . 13 and earlier allows remote admin is ##tra ##tors to affect availability via vectors related to RB ##R . [SEP]
LRP (+Pred, pos-only)
[CLS] Unspecified vulnerability in Oracle MySQL 5 . 7 . 13 and earlier allows remote admin is ##tra ##tors to affect availability via vectors related to RB ##R . [SEP]
LIME (words)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.
SHAP (words)
Unspecified vulnerability in Oracle MySQL 5. 7. 13 and earlier allows remote administrators to affect availability via vectors related to RBR
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Unspecified vulnerability in Oracle MySQL 5 . 7 . 13 and earlier allows remote admin is ##tra ##tors to affect availability via vectors related to RB ##R . [SEP]
LRP (+Pred, pos-only)
[CLS] Unspecified vulnerability in Oracle MySQL 5 . 7 . 13 and earlier allows remote admin is ##tra ##tors to affect availability via vectors related to RB ##R . [SEP]
LIME (words)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.
SHAP (words)
Unspecified vulnerability in Oracle MySQL 5. 7. 13 and earlier allows remote administrators to affect availability via vectors related to RBR
#70 · cve_id CVE-2022-21582 · ac
GT=HIGH (1)
xlnet · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle ▁Banking ▁Trade ▁Finance ▁product ▁of ▁Oracle ▁Financial ▁Services ▁Applications ( com ponent : ▁Infrastructure ) . ▁The ▁supported ▁version ▁that ▁is ▁affected ▁is ▁14 . 5 . Difficult ▁to ▁exploit ▁vulnerability ▁allows ▁low ▁privileged ▁attacker ▁with ▁network ▁access ▁via HTTP ▁to ▁compromise ▁Oracle ▁Banking ▁Trade ▁Finance . Successful ▁attacks ▁require ▁human ▁interaction ▁from ▁a ▁person ▁other ▁than ▁the ▁attacker . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁creation deletion ▁or ▁modification ▁access ▁to ▁critical ▁data ▁or ▁all ▁Oracle ▁Banking ▁Trade ▁Finance acce ssi ble ▁data ▁as ▁well ▁as unauthorized ▁access ▁to ▁critical ▁data ▁or ▁complete ▁access ▁to ▁all ▁Oracle ▁Banking ▁Trade ▁Finance acce ssi ble ▁data ▁and unauthorized ▁ability ▁to ▁cause ▁a ▁partial ▁denial ▁of ▁service ( part ial ▁DO S ) ▁of ▁Oracle ▁Banking ▁Trade ▁Finance . CVSS ▁3 . 1 ▁Base ▁Score ▁6 . 7 ( Con fid ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : N / AC : H / PR : L / UI : R / S : U / C : H / I : H / A : L ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 6.7 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).
SHAP (words)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ( component: Infrastructure). The supported version that is affected is 14. 5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service ( partial DOS) of Oracle Banking Trade Finance. CVSS 3. 1 Base Score 6. 7 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: H/ PR: L/ UI: R/ S: U/ C: H/ I: H/ A: L
lrp-bert · Pred=HIGH (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services App l ##ica ##tions ( component : In ##fra struct u ##re ) . The supported version that is affected is 14 . 5 . Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Oracle Banking Trade Finance . CVSS 3 . 1 Base Score 6 . 7 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : L / UI : R / S : U / C : H / I : H / A : L ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services App l ##ica ##tions ( component : In ##fra struct u ##re ) . The supported version that is affected is 14 . 5 . Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Oracle Banking Trade Finance . CVSS 3 . 1 Base Score 6 . 7 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : L / UI : R / S : U / C : H / I : H / A : L ) . [SEP]
LIME (words)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 6.7 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).
SHAP (words)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ( component: Infrastructure). The supported version that is affected is 14. 5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service ( partial DOS) of Oracle Banking Trade Finance. CVSS 3. 1 Base Score 6. 7 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: H/ PR: L/ UI: R/ S: U/ C: H/ I: H/ A: L
lrp-distilbert · Pred=HIGH (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services App l ##ica ##tions ( component : In ##fra struct u ##re ) . The supported version that is affected is 14 . 5 . Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Oracle Banking Trade Finance . CVSS 3 . 1 Base Score 6 . 7 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : L / UI : R / S : U / C : H / I : H / A : L ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services App l ##ica ##tions ( component : In ##fra struct u ##re ) . The supported version that is affected is 14 . 5 . Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance a ##cc ##e ssi b ##le data and unauthorized ability to cause a partial denial of service ( partial DOS ) of Oracle Banking Trade Finance . CVSS 3 . 1 Base Score 6 . 7 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : L / UI : R / S : U / C : H / I : H / A : L ) . [SEP]
LIME (words)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 6.7 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).
SHAP (words)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ( component: Infrastructure). The supported version that is affected is 14. 5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service ( partial DOS) of Oracle Banking Trade Finance. CVSS 3. 1 Base Score 6. 7 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: H/ PR: L/ UI: R/ S: U/ C: H/ I: H/ A: L
#71 · cve_id CVE-2023-4208 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A use-after-free ▁vulnerability ▁in ▁the ▁Linux ▁kernel ' s ▁net / sc ▁he d : cl s _ u 32 ▁component ▁can ▁be ▁exploited ▁to ▁achieve ▁local ▁privilege escalation . When u 32 _ change ( ) ▁is ▁called ▁on ▁an ▁existing ▁filter ▁the ▁whole t cf _ re s ult struct ▁is ▁always ▁copied ▁into ▁the ▁new ▁instance ▁of ▁the ▁filter . ▁This ▁causes ▁a ▁problem ▁when updating ▁a ▁filter ▁bound ▁to ▁a ▁class ▁as t cf _ un bin d _ fil ter ( ) ▁is ▁always ▁called ▁on ▁the ▁old ▁instance ▁in ▁the ▁success ▁path ▁decreasing ▁filter _ c nt ▁of ▁the ▁still ▁referenced ▁class ▁and ▁allowing ▁it ▁to ▁be delete d ▁leading ▁to ▁a use-after-free . We ▁recommend upgrading ▁past ▁commit ▁30 44 b 16 e 7 c 6 fe 5 d 24 b 1 c db cf 1 b d 0 a 9 d 92 d 1 eb d 81 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.When u32_change() is called on an existing filter the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class as tcf_unbind_filter() is always called on the old instance in the success path decreasing filter_cnt of the still referenced class and allowing it to be deleted leading to a use-after-free.We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
SHAP (words)
A use- after- free vulnerability in the Linux kernel' s net/ sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class as tcf_unbind_filter() is always called on the old instance in the success path decreasing filter_cnt of the still referenced class and allowing it to be deleted leading to a use- after- free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A use-after-free vulnerability in the Linux kernel ' s net / sc he ##d : c ##ls _ u ##32 component can be ex ##p ##lo ite d to achieve local privilege escalation . When u ##32 _ change ( ) is called on an existing filter the whole t ##c ##f _ result struct is always copied int o the new instance of the filter . This causes a problem when updating a filter bound to a class as t ##c ##f _ un ##bin ##d _ filter ( ) is always called on the old instance in the success path decreasing filter _ c ##nt of the still referenced class and allowing it to be delete d leading to a use-after-free . We recommend upgrading past commit 304 ##4 ##b ##16 ##e ##7 ##c ##6 ##fe ##5 ##d ##24 ##b ##1 ##c db c ##f ##1 ##b ##d ##0 ##a ##9 ##d ##9 ##2 ##d ##1 ##eb ##d ##8 ##1 . [SEP]
LRP (+Pred, pos-only)
[CLS] A use-after-free vulnerability in the Linux kernel ' s net / sc he ##d : c ##ls _ u ##32 component can be ex ##p ##lo ite d to achieve local privilege escalation . When u ##32 _ change ( ) is called on an existing filter the whole t ##c ##f _ result struct is always copied int o the new instance of the filter . This causes a problem when updating a filter bound to a class as t ##c ##f _ un ##bin ##d _ filter ( ) is always called on the old instance in the success path decreasing filter _ c ##nt of the still referenced class and allowing it to be delete d leading to a use-after-free . We recommend upgrading past commit 304 ##4 ##b ##16 ##e ##7 ##c ##6 ##fe ##5 ##d ##24 ##b ##1 ##c db c ##f ##1 ##b ##d ##0 ##a ##9 ##d ##9 ##2 ##d ##1 ##eb ##d ##8 ##1 . [SEP]
LIME (words)
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.When u32_change() is called on an existing filter the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class as tcf_unbind_filter() is always called on the old instance in the success path decreasing filter_cnt of the still referenced class and allowing it to be deleted leading to a use-after-free.We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
SHAP (words)
A use- after- free vulnerability in the Linux kernel' s net/ sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class as tcf_unbind_filter() is always called on the old instance in the success path decreasing filter_cnt of the still referenced class and allowing it to be deleted leading to a use- after- free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A use-after-free vulnerability in the Linux kernel ' s net / sc he ##d : c ##ls _ u ##32 component can be ex ##p ##lo ite d to achieve local privilege escalation . When u ##32 _ change ( ) is called on an existing filter the whole t ##c ##f _ result struct is always copied int o the new instance of the filter . This causes a problem when updating a filter bound to a class as t ##c ##f _ un ##bin ##d _ filter ( ) is always called on the old instance in the success path decreasing filter _ c ##nt of the still referenced class and allowing it to be delete d leading to a use-after-free . We recommend upgrading past commit 304 ##4 ##b ##16 ##e ##7 ##c ##6 ##fe ##5 ##d ##24 ##b ##1 ##c db c ##f ##1 ##b ##d ##0 ##a ##9 ##d ##9 ##2 ##d ##1 ##eb ##d ##8 ##1 . [SEP]
LRP (+Pred, pos-only)
[CLS] A use-after-free vulnerability in the Linux kernel ' s net / sc he ##d : c ##ls _ u ##32 component can be ex ##p ##lo ite d to achieve local privilege escalation . When u ##32 _ change ( ) is called on an existing filter the whole t ##c ##f _ result struct is always copied int o the new instance of the filter . This causes a problem when updating a filter bound to a class as t ##c ##f _ un ##bin ##d _ filter ( ) is always called on the old instance in the success path decreasing filter _ c ##nt of the still referenced class and allowing it to be delete d leading to a use-after-free . We recommend upgrading past commit 304 ##4 ##b ##16 ##e ##7 ##c ##6 ##fe ##5 ##d ##24 ##b ##1 ##c db c ##f ##1 ##b ##d ##0 ##a ##9 ##d ##9 ##2 ##d ##1 ##eb ##d ##8 ##1 . [SEP]
LIME (words)
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.When u32_change() is called on an existing filter the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class as tcf_unbind_filter() is always called on the old instance in the success path decreasing filter_cnt of the still referenced class and allowing it to be deleted leading to a use-after-free.We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
SHAP (words)
A use- after- free vulnerability in the Linux kernel' s net/ sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class as tcf_unbind_filter() is always called on the old instance in the success path decreasing filter_cnt of the still referenced class and allowing it to be deleted leading to a use- after- free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81
#72 · cve_id CVE-2020-12904 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Out ▁of Bounds ▁Read ▁in AMD Graphics ▁Driver ▁for ▁Windows ▁10 ▁in ▁E sc ▁a pe ▁0 x 300 420 3 ▁may ▁lead ▁to ▁arbitrary ▁in for matio n ▁di sc los ure . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
SHAP (words)
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Out of Bounds Read in AMD Graphics Driver for Windows 10 in E sc a ##pe 0 ##x ##30 ##0 ##42 ##0 ##3 may lead to arbitrary info ##r matio n di sc los ##ure . [SEP]
LRP (+Pred, pos-only)
[CLS] Out of Bounds Read in AMD Graphics Driver for Windows 10 in E sc a ##pe 0 ##x ##30 ##0 ##42 ##0 ##3 may lead to arbitrary info ##r matio n di sc los ##ure . [SEP]
LIME (words)
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
SHAP (words)
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Out of Bounds Read in AMD Graphics Driver for Windows 10 in E sc a ##pe 0 ##x ##30 ##0 ##42 ##0 ##3 may lead to arbitrary info ##r matio n di sc los ##ure . [SEP]
LRP (+Pred, pos-only)
[CLS] Out of Bounds Read in AMD Graphics Driver for Windows 10 in E sc a ##pe 0 ##x ##30 ##0 ##42 ##0 ##3 may lead to arbitrary info ##r matio n di sc los ##ure . [SEP]
LIME (words)
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
SHAP (words)
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure
#73 · cve_id CVE-2024-1098 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in ▁Re build ▁up ▁to ▁3 . 5 . 5 ▁and cla ssi fi ed ▁as ▁problematic . ▁This ▁issue ▁affects ▁the ▁function ▁Qin iu Cloud . get Storage ▁File ▁of ▁the ▁file / file x / proxy - download . ▁The ▁manipulation ▁of ▁the ▁argument url ▁leads ▁to ▁in for matio n ▁di sc los ure . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The ▁associated identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 25 24 55 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
SHAP (words)
A vulnerability was found in Rebuild up to 3. 5. 5 and classified as problematic. This issue affects the function QiniuCloud. getStorageFile of the file / filex/ proxy- download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 252455
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in Re ##bu ##il ##d up to 3 . 5 . 5 and c ##la ssi fi ##ed as problematic . This issue affects the function Qin ##iu ##C ##lou ##d . get Storage File of the file / file ##x / proxy - download . The man ip ul ##ation of the argument url leads to info ##r matio n di sc los ##ure . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 252 ##45 ##5 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in Re ##bu ##il ##d up to 3 . 5 . 5 and c ##la ssi fi ##ed as problematic . This issue affects the function Qin ##iu ##C ##lou ##d . get Storage File of the file / file ##x / proxy - download . The man ip ul ##ation of the argument url leads to info ##r matio n di sc los ##ure . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 252 ##45 ##5 . [SEP]
LIME (words)
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
SHAP (words)
A vulnerability was found in Rebuild up to 3. 5. 5 and classified as problematic. This issue affects the function QiniuCloud. getStorageFile of the file / filex/ proxy- download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 252455
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in Re ##bu ##il ##d up to 3 . 5 . 5 and c ##la ssi fi ##ed as problematic . This issue affects the function Qin ##iu ##C ##lou ##d . get Storage File of the file / file ##x / proxy - download . The man ip ul ##ation of the argument url leads to info ##r matio n di sc los ##ure . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 252 ##45 ##5 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in Re ##bu ##il ##d up to 3 . 5 . 5 and c ##la ssi fi ##ed as problematic . This issue affects the function Qin ##iu ##C ##lou ##d . get Storage File of the file / file ##x / proxy - download . The man ip ul ##ation of the argument url leads to info ##r matio n di sc los ##ure . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 252 ##45 ##5 . [SEP]
LIME (words)
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
SHAP (words)
A vulnerability was found in Rebuild up to 3. 5. 5 and classified as problematic. This issue affects the function QiniuCloud. getStorageFile of the file / filex/ proxy- download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 252455
#74 · cve_id CVE-2021-43248 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Windows Digi tal ▁Media Receiver Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
SHAP (words)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Windows Digi ta ##l Media Receiver Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows Digi ta ##l Media Receiver Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
SHAP (words)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Windows Digi ta ##l Media Receiver Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows Digi ta ##l Media Receiver Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
SHAP (words)
Windows Digital Media Receiver Elevation of Privilege Vulnerability
#75 · cve_id CVE-2020-0618 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁remote ▁code ▁execution ▁vulnerability ▁exists ▁in ▁Microsoft SQL ▁Server Reporting ▁Services ▁when ▁it ▁incorrectly ▁handles ▁page ▁requests aka ' Mi cro soft SQL ▁Server Reporting ▁Services Remote ▁Code Execution Vulnerability ' . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
SHAP (words)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A remote code exec u ##tion vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability ' . [SEP]
LRP (+Pred, pos-only)
[CLS] A remote code exec u ##tion vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability ' . [SEP]
LIME (words)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
SHAP (words)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A remote code exec u ##tion vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability ' . [SEP]
LRP (+Pred, pos-only)
[CLS] A remote code exec u ##tion vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability ' . [SEP]
LIME (words)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
SHAP (words)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests aka ' Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
#76 · cve_id CVE-2021-45645 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Certain NETGEAR ▁devices ▁are ▁affected ▁by ▁incorrect ▁configuration ▁of ▁security ▁settings . ▁This ▁affects ▁R BS 50 Y ▁before ▁2 . 7 . 0 . 12 2 ▁SR K 60 ▁before ▁2 . 7 . 0 . 12 2 ▁SR R 60 ▁before ▁2 . 7 . 0 . 12 2 ▁SR S 60 ▁before ▁2 . 7 . 0 . 12 2 SX K 30 ▁before ▁3 . 2 . 33 . 10 8 S XR ▁30 ▁before ▁3 . 2 . 33 . 10 8 S XS ▁30 ▁before ▁3 . 2 . 33 . 10 8 ▁and SRC ▁60 ▁before ▁2 . 7 . 0 . 12 2 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122 SRK60 before 2.7.0.122 SRR60 before 2.7.0.122 SRS60 before 2.7.0.122 SXK30 before 3.2.33.108 SXR30 before 3.2.33.108 SXS30 before 3.2.33.108 and SRC60 before 2.7.0.122.
SHAP (words)
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2. 7. 0. 122 SRK60 before 2. 7. 0. 122 SRR60 before 2. 7. 0. 122 SRS60 before 2. 7. 0. 122 SXK30 before 3. 2. 33. 108 SXR30 before 3. 2. 33. 108 SXS30 before 3. 2. 33. 108 and SRC60 before 2. 7. 0. 122
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Certain NETGEAR dev ice ##s are affected by incorrect config u ##ration of se ##c uri t ##y settings . This affects RB ##S ##50 ##Y before 2 . 7 . 0 . 122 SR ##K ##60 before 2 . 7 . 0 . 122 SR ##R ##60 before 2 . 7 . 0 . 122 SR ##S ##60 before 2 . 7 . 0 . 122 S ##X ##K ##30 before 3 . 2 . 33 . 108 S XR 30 before 3 . 2 . 33 . 108 S XS 30 before 3 . 2 . 33 . 108 and SRC 60 before 2 . 7 . 0 . 122 . [SEP]
LRP (+Pred, pos-only)
[CLS] Certain NETGEAR dev ice ##s are affected by incorrect config u ##ration of se ##c uri t ##y settings . This affects RB ##S ##50 ##Y before 2 . 7 . 0 . 122 SR ##K ##60 before 2 . 7 . 0 . 122 SR ##R ##60 before 2 . 7 . 0 . 122 SR ##S ##60 before 2 . 7 . 0 . 122 S ##X ##K ##30 before 3 . 2 . 33 . 108 S XR 30 before 3 . 2 . 33 . 108 S XS 30 before 3 . 2 . 33 . 108 and SRC 60 before 2 . 7 . 0 . 122 . [SEP]
LIME (words)
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122 SRK60 before 2.7.0.122 SRR60 before 2.7.0.122 SRS60 before 2.7.0.122 SXK30 before 3.2.33.108 SXR30 before 3.2.33.108 SXS30 before 3.2.33.108 and SRC60 before 2.7.0.122.
SHAP (words)
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2. 7. 0. 122 SRK60 before 2. 7. 0. 122 SRR60 before 2. 7. 0. 122 SRS60 before 2. 7. 0. 122 SXK30 before 3. 2. 33. 108 SXR30 before 3. 2. 33. 108 SXS30 before 3. 2. 33. 108 and SRC60 before 2. 7. 0. 122
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Certain NETGEAR dev ice ##s are affected by incorrect config u ##ration of se ##c uri t ##y settings . This affects RB ##S ##50 ##Y before 2 . 7 . 0 . 122 SR ##K ##60 before 2 . 7 . 0 . 122 SR ##R ##60 before 2 . 7 . 0 . 122 SR ##S ##60 before 2 . 7 . 0 . 122 S ##X ##K ##30 before 3 . 2 . 33 . 108 S XR 30 before 3 . 2 . 33 . 108 S XS 30 before 3 . 2 . 33 . 108 and SRC 60 before 2 . 7 . 0 . 122 . [SEP]
LRP (+Pred, pos-only)
[CLS] Certain NETGEAR dev ice ##s are affected by incorrect config u ##ration of se ##c uri t ##y settings . This affects RB ##S ##50 ##Y before 2 . 7 . 0 . 122 SR ##K ##60 before 2 . 7 . 0 . 122 SR ##R ##60 before 2 . 7 . 0 . 122 SR ##S ##60 before 2 . 7 . 0 . 122 S ##X ##K ##30 before 3 . 2 . 33 . 108 S XR 30 before 3 . 2 . 33 . 108 S XS 30 before 3 . 2 . 33 . 108 and SRC 60 before 2 . 7 . 0 . 122 . [SEP]
LIME (words)
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122 SRK60 before 2.7.0.122 SRR60 before 2.7.0.122 SRS60 before 2.7.0.122 SXK30 before 3.2.33.108 SXR30 before 3.2.33.108 SXS30 before 3.2.33.108 and SRC60 before 2.7.0.122.
SHAP (words)
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2. 7. 0. 122 SRK60 before 2. 7. 0. 122 SRR60 before 2. 7. 0. 122 SRS60 before 2. 7. 0. 122 SXK30 before 3. 2. 33. 108 SXR30 before 3. 2. 33. 108 SXS30 before 3. 2. 33. 108 and SRC60 before 2. 7. 0. 122
#77 · cve_id CVE-2022-35830 · ac
GT=HIGH (1)
xlnet · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Remote Procedure ▁Call Runtime Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
SHAP (words)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
lrp-bert · Pred=LOW (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Remote Procedure Call Runtime Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Remote Procedure Call Runtime Remote Code Execution Vulnerability [SEP]
LIME (words)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
SHAP (words)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
lrp-distilbert · Pred=LOW (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Remote Procedure Call Runtime Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Remote Procedure Call Runtime Remote Code Execution Vulnerability [SEP]
LIME (words)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
SHAP (words)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
#78 · cve_id CVE-2022-2080 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Sense i LMS WordPress plugin ▁before ▁4 . 5 . 2 ▁does ▁not ▁ensure ▁that ▁the sender ▁of ▁a ▁private ▁message ▁is ▁either ▁the ▁teacher ▁or ▁the ▁original sender ▁allowing ▁any authenticated ▁user ▁to ▁send ▁messages ▁to ▁arbitrary ▁private ▁conversation ▁via ▁a IDOR ▁attack . ▁Note : Attackers ▁are ▁not ▁able ▁to ▁see ▁responses / mes s ages ▁between ▁the ▁teacher ▁and ▁student <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
SHAP (words)
The Sensei LMS WordPress plugin before 4. 5. 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/ messages between the teacher and student
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Sense ##i LMS WordPress plugin before 4 . 5 . 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack . Note : Attackers are not able to see responses / messages between the teacher and student [SEP]
LRP (+Pred, pos-only)
[CLS] The Sense ##i LMS WordPress plugin before 4 . 5 . 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack . Note : Attackers are not able to see responses / messages between the teacher and student [SEP]
LIME (words)
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
SHAP (words)
The Sensei LMS WordPress plugin before 4. 5. 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/ messages between the teacher and student
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Sense ##i LMS WordPress plugin before 4 . 5 . 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack . Note : Attackers are not able to see responses / messages between the teacher and student [SEP]
LRP (+Pred, pos-only)
[CLS] The Sense ##i LMS WordPress plugin before 4 . 5 . 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack . Note : Attackers are not able to see responses / messages between the teacher and student [SEP]
LIME (words)
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
SHAP (words)
The Sensei LMS WordPress plugin before 4. 5. 2 does not ensure that the sender of a private message is either the teacher or the original sender allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/ messages between the teacher and student
#79 · cve_id CVE-2022-42280 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
NVIDIA BMC ▁contains ▁a ▁vulnerability ▁in ▁SP X REST auth handler ▁where ▁an ▁un - authorize d ▁attacker ▁can ▁exploit ▁a ▁path traversal ▁which ▁may ▁lead ▁to authentication ▁bypass . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
NVIDIA BMC contains a vulnerability in SPX REST auth handler where an un-authorized attacker can exploit a path traversal which may lead to authentication bypass.
SHAP (words)
NVIDIA BMC contains a vulnerability in SPX REST auth handler where an un- authorized attacker can exploit a path traversal which may lead to authentication bypass
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] NVIDIA BMC contains a vulnerability in SP ##X REST auth handler where an un - authorize d attacker can exploit a path traversal which may lead to authentication bypass . [SEP]
LRP (+Pred, pos-only)
[CLS] NVIDIA BMC contains a vulnerability in SP ##X REST auth handler where an un - authorize d attacker can exploit a path traversal which may lead to authentication bypass . [SEP]
LIME (words)
NVIDIA BMC contains a vulnerability in SPX REST auth handler where an un-authorized attacker can exploit a path traversal which may lead to authentication bypass.
SHAP (words)
NVIDIA BMC contains a vulnerability in SPX REST auth handler where an un- authorized attacker can exploit a path traversal which may lead to authentication bypass
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] NVIDIA BMC contains a vulnerability in SP ##X REST auth handler where an un - authorize d attacker can exploit a path traversal which may lead to authentication bypass . [SEP]
LRP (+Pred, pos-only)
[CLS] NVIDIA BMC contains a vulnerability in SP ##X REST auth handler where an un - authorize d attacker can exploit a path traversal which may lead to authentication bypass . [SEP]
LIME (words)
NVIDIA BMC contains a vulnerability in SPX REST auth handler where an un-authorized attacker can exploit a path traversal which may lead to authentication bypass.
SHAP (words)
NVIDIA BMC contains a vulnerability in SPX REST auth handler where an un- authorized attacker can exploit a path traversal which may lead to authentication bypass
#80 · cve_id CVE-2020-23968 · ac
GT=LOW (0)
xlnet · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁I lex ▁International ▁Sign & go Workstation ▁Security ▁Suite ▁7 . 1 ▁allows ▁elevation ▁of ▁privileges ▁via ▁a symlink ▁attack ▁on ▁Program Data \ I lex \ S & G \ Logs \ 000 - s ng WS Service 1 . log . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
SHAP (words)
Ilex International Sign& go Workstation Security Suite 7. 1 allows elevation of privileges via a symlink attack on ProgramData\ Ilex\ S& G\ Logs\ 000- sngWSService1. log
lrp-bert · Pred=LOW (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Il ##ex International Sign & go Workstation Se ##c uri t ##y Su ite 7 . 1 allows elevation of privileges via a symlink attack on Program ##D ##ata \ Il ##ex \ S & G \ Logs \ 000 - s ##ng ##WS ##S ##er ##vice ##1 . log . [SEP]
LRP (+Pred, pos-only)
[CLS] Il ##ex International Sign & go Workstation Se ##c uri t ##y Su ite 7 . 1 allows elevation of privileges via a symlink attack on Program ##D ##ata \ Il ##ex \ S & G \ Logs \ 000 - s ##ng ##WS ##S ##er ##vice ##1 . log . [SEP]
LIME (words)
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
SHAP (words)
Ilex International Sign& go Workstation Security Suite 7. 1 allows elevation of privileges via a symlink attack on ProgramData\ Ilex\ S& G\ Logs\ 000- sngWSService1. log
lrp-distilbert · Pred=LOW (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Il ##ex International Sign & go Workstation Se ##c uri t ##y Su ite 7 . 1 allows elevation of privileges via a symlink attack on Program ##D ##ata \ Il ##ex \ S & G \ Logs \ 000 - s ##ng ##WS ##S ##er ##vice ##1 . log . [SEP]
LRP (+Pred, pos-only)
[CLS] Il ##ex International Sign & go Workstation Se ##c uri t ##y Su ite 7 . 1 allows elevation of privileges via a symlink attack on Program ##D ##ata \ Il ##ex \ S & G \ Logs \ 000 - s ##ng ##WS ##S ##er ##vice ##1 . log . [SEP]
LIME (words)
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
SHAP (words)
Ilex International Sign& go Workstation Security Suite 7. 1 allows elevation of privileges via a symlink attack on ProgramData\ Ilex\ S& G\ Logs\ 000- sngWSService1. log